Windows Analysis Report
Pl8Tb06C8A.exe

Overview

General Information

Sample name: Pl8Tb06C8A.exe (renamed because the original name is a hash value)
Original sample name: 99a5714dc7fee4339e893fb116c78cda.exe
Analysis ID: 1574272
MD5: 99a5714dc7fee4339e893fb116c78cda
SHA1: 48a7ea54dfb0140b1d4128bcd08b73991985720f
SHA256: a7d0341c68a042cee111a854ae1008a83e6e979974db1565ea8397bfb55eccaa
Tags: exe, user-abuse_ch

Detection

Credential Flusher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • Pl8Tb06C8A.exe (PID: 3880 cmdline: "C:\Users\user\Desktop\Pl8Tb06C8A.exe" MD5: 99A5714DC7FEE4339E893FB116C78CDA)
    • taskkill.exe (PID: 3236 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 3704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 516 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 4016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 3328 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6548 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 3560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5800 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 5968 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 4396 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 6392 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 1088 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2224 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c90f90d-58dd-45ba-a7ab-eb51e3ea8e21} 6392 "\\.\pipe\gecko-crash-server-pipe.6392" 1bdbfa6e110 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7600 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2964 -parentBuildID 20230927232528 -prefsHandle 3988 -prefMapHandle 3356 -prefsLen 26322 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7c75143-5654-446b-bddb-adbf1f536fce} 6392 "\\.\pipe\gecko-crash-server-pipe.6392" 1bdd96bbd10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7244 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3532 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4984 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e250ea7-bfc2-4839-b39b-7047e5d75287} 6392 "\\.\pipe\gecko-crash-server-pipe.6392" 1bdd8083b10 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: Pl8Tb06C8A.exe PID: 3880 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: Pl8Tb06C8A.exe | Avira: detected
    Source: Pl8Tb06C8A.exe | ReversingLabs: Detection: 52%
    Source: Pl8Tb06C8A.exe | Virustotal: Detection: 36%
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.7% probability
    Source: Pl8Tb06C8A.exe | Joe Sandbox ML: detected
    Source: Pl8Tb06C8A.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49755 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.6:49757 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49776 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49814 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49813 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:49845 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49844 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.129.91:443 -> 192.168.2.6:49847 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49854 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49855 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.6:49856 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.6:49857 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49932 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49935 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49936 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49937 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49934 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49933 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49942 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.6:49941 version: TLS 1.2
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.17.dr
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000011.00000003.2419983601.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000011.00000003.2422483459.000001BDCF49E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: npmproxy.pdbUGP source: firefox.exe, 00000011.00000003.2424043119.000001BDCF4A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423444241.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000011.00000003.2419983601.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.17.dr
    Source: Binary string: npmproxy.pdb source: firefox.exe, 00000011.00000003.2424043119.000001BDCF4A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423444241.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000011.00000003.2422483459.000001BDCF49E000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe | Code function: 1_2_009EDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,1_2_009EDBBE
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe | Code function: 1_2_009BC2A2 FindFirstFileExW,1_2_009BC2A2
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe | Code function: 1_2_009F68EE FindFirstFileW,FindClose,1_2_009F68EE
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe | Code function: 1_2_009F698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,1_2_009F698F
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe | Code function: 1_2_009ED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_009ED076
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe | Code function: 1_2_009ED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_009ED3A9
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe | Code function: 1_2_009F9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_009F9642
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe | Code function: 1_2_009F979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_009F979D
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe | Code function: 1_2_009F9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,1_2_009F9B2B
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe | Code function: 1_2_009F5C97 FindFirstFileW,FindNextFileW,FindClose,1_2_009F5C97
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 201MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 34.149.100.209
    Source: Joe Sandbox View | IP Address: 151.101.129.91
    Source: Joe Sandbox View | IP Address: 34.117.188.166
    Source: Joe Sandbox View | IP Address: 34.160.144.191
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe | Code function: 1_2_009FCE44 InternetReadFile,SetEvent,GetLastError,SetEvent,1_2_009FCE44
    Source: global traffic | HTTP traffic detected: GET /canonical.html HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Cache-Control: no-cache | Pragma: no-cache | Connection: keep-alive
    Source: global traffic | HTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1 | Host: detectportal.firefox.com | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 | Accept: */* | Accept-Language: en-US,en;q=0.5 | Accept-Encoding: gzip, deflate | Connection: keep-alive | Pragma: no-cache | Cache-Control: no-cache
    Source: firefox.exe, 00000011.00000003.2292001223.000001BDDAE1F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000011.00000003.2507288525.000001BDD0DA7000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000011.00000003.2381159563.000001BDDAD6A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2471070487.000001BDDAD6A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000011.00000003.2311349397.000001BDDAE2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2314298258.000001BDD80B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2457510863.000001BDDAE2A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000011.00000003.2311349397.000001BDDAE2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2314298258.000001BDD80B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2457510863.000001BDDAE2A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000011.00000003.2499776926.000001BDD0DF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2507288525.000001BDD0DB5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000011.00000003.2381159563.000001BDDAD6A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2471070487.000001BDDAD6A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000011.00000003.2311349397.000001BDDAE2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2314298258.000001BDD80B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2457510863.000001BDDAE2A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000011.00000003.2311349397.000001BDDAE2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2314298258.000001BDD80B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2457510863.000001BDDAE2A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000014.00000002.3450274134.000001C3FBF0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3451619808.00000158CFF0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000014.00000002.3450274134.000001C3FBF0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3451619808.00000158CFF0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000014.00000002.3450274134.000001C3FBF0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3451619808.00000158CFF0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000011.00000003.2446484444.000001BDDBF70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2455306522.000001BDDBF75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2469990521.000001BDDBF70000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: moz-extension://6edd4cbe-8a9f-4158-beca-90f5feba9c8c/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000011.00000003.2499776926.000001BDD0DF4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2501680926.000001BDD98F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2507288525.000001BDD0DB5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000011.00000003.2501680926.000001BDD98F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2381159563.000001BDDAD6A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2312293494.000001BDD98F3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000011.00000003.2505289581.000001BDD7B83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2385700108.000001BDD7B83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473960027.000001BDD7B83000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global traffic | DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: youtube.com
    Source: global traffic | DNS traffic detected: DNS query: detectportal.firefox.com
    Source: global traffic | DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: spocs.getpocket.com
    Source: global traffic | DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: example.org
    Source: global traffic | DNS traffic detected: DNS query: ipv4only.arpa
    Source: global traffic | DNS traffic detected: DNS query: push.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: support.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: www.wikipedia.org
    Source: global traffic | DNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global traffic | DNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global traffic | DNS traffic detected: DNS query: twitter.com
    Source: global traffic | DNS traffic detected: DNS query: www.reddit.com
    Source: global traffic | DNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global traffic | DNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: firefox.exe, 00000011.00000003.2386375962.000001BDD3941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2487762289.000001BDD3941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:
    Source: firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503596346.000001BDD809B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
    Source: firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503596346.000001BDD809B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
    Source: firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503596346.000001BDD809B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
    Source: firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503596346.000001BDD809B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
    Source: gmpopenh264.dll.tmp.17.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: firefox.exe, 00000011.00000003.2419441267.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2409019979.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423037235.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2424137375.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2400360596.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2398940710.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2410218050.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2411675644.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2403350394.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2407716142.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423444241.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2397323160.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2418115496.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2422593327.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2400943455.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2412865138.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2419983601.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2404546052.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2408488686.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2394582728.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2402084122.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: firefox.exe, 00000011.00000003.2303032873.000001BDD0EAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
    Source: firefox.exe, 00000011.00000003.2303032873.000001BDD0EAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
    Source: firefox.exe, 00000011.00000003.2394582728.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.17.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 00000011.00000003.2394582728.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrus
    Source: firefox.exe, 00000011.00000003.2403350394.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: firefox.exe, 00000011.00000003.2457307702.000001BDDAE96000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
    Source: firefox.exe, 00000011.00000003.2303032873.000001BDD0EAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
    Source: gmpopenh264.dll.tmp.17.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: firefox.exe, 00000011.00000003.2403350394.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2404546052.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: gmpopenh264.dll.tmp.17.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 00000011.00000003.2303032873.000001BDD0EAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    Source: firefox.exe, 00000011.00000003.2303032873.000001BDD0EAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
    Source: firefox.exe, 00000011.00000003.2403350394.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2394582728.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: firefox.exe, 00000011.00000003.2394582728.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/sha2-assured-
    Source: gmpopenh264.dll.tmp.17.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: firefox.exe, 00000011.00000003.2394582728.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.17.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: firefox.exe, 00000011.00000003.2303032873.000001BDD0EAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
    Source: firefox.exe, 00000011.00000003.2394582728.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
    Source: gmpopenh264.dll.tmp.17.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 00000011.00000003.2303032873.000001BDD0EAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
    Source: firefox.exe, 00000011.00000003.2505289581.000001BDD7B83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2385700108.000001BDD7B83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2489201560.000001BDD381B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2454433577.000001BDDC0FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473960027.000001BDD7B83000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 00000011.00000003.2393062459.000001BDD2DE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2489201560.000001BDD3850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 00000011.00000003.2471070487.000001BDDAD6A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 00000011.00000003.2471070487.000001BDDAD6A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 00000011.00000003.2484296560.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2304985319.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495059853.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2457510863.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-04/schema#
    Source: firefox.exe, 00000011.00000003.2484296560.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2304985319.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495059853.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2457510863.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-06/schema#
    Source: firefox.exe, 00000011.00000003.2484296560.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2304985319.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495059853.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2457510863.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://json-schema.org/draft-07/schema#-
    Source: firefox.exe, 00000011.00000003.2484296560.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2304985319.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495059853.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2430697881.000001BDD929E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2457510863.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org
    Source: firefox.exe, 00000011.00000003.2387360689.000001BDD3935000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/
    Source: firefox.exe, 00000011.00000003.2314573474.000001BDD7BF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2262872751.000001BDCFED5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2256267264.000001BDCFA57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2385294145.000001BDD7BF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2438726198.000001BDDABCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423042155.000001BDD7AC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2261518927.000001BDCF2CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2468067658.000001BDD0F50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2306799294.000001BDD7BF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2260458181.000001BDCFEDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2311258750.000001BDD104C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2301045102.000001BDDACC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2430124687.000001BDDABCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2475172275.000001BDCFEDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2430697881.000001BDD9286000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2430124687.000001BDDABD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427086131.000001BDD7AB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2314573474.000001BDD7B92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2482584803.000001BDCFED8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305120155.000001BDDAD98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2417379326.000001BDD0183000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 00000011.00000003.2419441267.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2409019979.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423037235.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2424137375.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2400360596.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2398940710.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2410218050.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2411675644.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2403350394.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2407716142.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423444241.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2397323160.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2418115496.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2422593327.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2400943455.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2412865138.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2419983601.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2404546052.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2408488686.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2394582728.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2402084122.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digiceIy
    Source: firefox.exe, 00000011.00000003.2394582728.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert
    Source: firefox.exe, 00000011.00000003.2303032873.000001BDD0EAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0
    Source: firefox.exe, 00000011.00000003.2403350394.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2394582728.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A
    Source: firefox.exe, 00000011.00000003.2403350394.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2404546052.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.17.dr | String found in binary or memory: http://ocsp.digicert.com0C
    Source: gmpopenh264.dll.tmp.17.dr | String found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 00000011.00000003.2303032873.000001BDD0EAF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
    Source: gmpopenh264.dll.tmp.17.dr | String found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 00000011.00000003.2457307702.000001BDDAE96000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
    Source: firefox.exe, 00000011.00000003.2458822211.000001BDD96EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2447580194.000001BDD96E4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0W
    Source: firefox.exe, 00000011.00000003.2458822211.000001BDD96EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2447580194.000001BDD96E4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.o.lencr.org0
    Source: gmpopenh264.dll.tmp.17.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.17.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.17.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: firefox.exe, 00000011.00000003.2457307702.000001BDDAE96000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
    Source: firefox.exe, 00000011.00000003.2394582728.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com/CPS0
    Source: firefox.exe, 00000011.00000003.2457307702.000001BDDAE96000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
    Source: gmpopenh264.dll.tmp.17.dr | String found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 00000011.00000003.2457246918.000001BDDAEBE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503596346.000001BDD809B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2006/browser/search/
    Source: firefox.exe, 00000011.00000003.2376941102.000001BDDBFCC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2498096998.000001BDD21A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 00000011.00000003.2498096998.000001BDD21A2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
    Source: mozilla-temp-41.17.dr | String found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 00000011.00000003.2303032873.000001BDD0EAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2458822211.000001BDD96EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2447580194.000001BDD96E4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 00000011.00000003.2303032873.000001BDD0EAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2458822211.000001BDD96EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2447580194.000001BDD96E4000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 00000011.00000003.2314417460.000001BDD8093000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254715542.000001BDCF90F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254261737.000001BDCF700000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 00000011.00000003.2492908855.000001BDD2D13000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 00000011.00000003.2507288525.000001BDD0DBD000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 00000011.00000003.2392318562.000001BDD314D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 00000011.00000003.2306799294.000001BDD7B68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473960027.000001BDD7B6F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2385700108.000001BDD7B68000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.comK
    Source: firefox.exe, 00000011.00000003.2315179014.000001BDD7B8A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-users/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 00000011.00000003.2310052333.000001BDD0FFE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2292001223.000001BDDAE1F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD800B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2486235661.000001BDD801B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2285962165.000001BDD82F3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 00000011.00000003.2473781449.000001BDD7CDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384730023.000001BDD7CDE000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://amazon.com/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 00000011.00000003.2392318562.000001BDD3115000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 00000011.00000003.2392318562.000001BDD3115000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 00000011.00000003.2384730023.000001BDD7CDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD806E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2496704481.000001BDD7CDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD806E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2498663634.000001BDD1AE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000013.00000002.3451936160.0000023CDBCE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450274134.000001C3FBFED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3455523483.00000158D0203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.17.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
    Source: firefox.exe, 00000013.00000002.3451936160.0000023CDBCE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450274134.000001C3FBFED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3455523483.00000158D0203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.17.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
    Source: firefox.exe, 00000011.00000003.2471521743.000001BDDAD38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 00000011.00000003.2324662690.000001BDD1B48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324106148.000001BDD1B19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 00000011.00000003.2324662690.000001BDD1B48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324258683.000001BDD1B50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2323948016.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 00000011.00000003.2323948016.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324106148.000001BDD1B19000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 00000011.00000003.2323948016.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 00000011.00000003.2324662690.000001BDD1B48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324258683.000001BDD1B50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2323948016.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 00000011.00000003.2324662690.000001BDD1B48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324258683.000001BDD1B50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2323948016.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 00000011.00000003.2468067658.000001BDD0F50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 00000011.00000003.2324662690.000001BDD1B48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324106148.000001BDD1B19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 00000011.00000003.2323948016.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2323948016.000001BDD1B21000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 00000011.00000003.2323948016.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 00000011.00000003.2255246294.000001BDCF952000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254922991.000001BDCF931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254715542.000001BDCF90F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254261737.000001BDCF700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 00000011.00000003.2502913836.000001BDD9372000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000013.00000002.3451936160.0000023CDBCE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450274134.000001C3FBFED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3455523483.00000158D0203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.17.drString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
    Source: firefox.exe, 00000013.00000002.3451936160.0000023CDBCE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450274134.000001C3FBFED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3455523483.00000158D0203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.17.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 00000011.00000003.2504955214.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 00000011.00000003.2324662690.000001BDD1B48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324258683.000001BDD1B50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2464421284.000001BDD01E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2323948016.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 00000011.00000003.2430124687.000001BDDABD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD80B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2383483954.000001BDD98C7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254261737.000001BDCF700000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2501842784.000001BDD98C7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 00000011.00000003.2314417460.000001BDD8093000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
    Source: firefox.exe, 00000011.00000003.2457307702.000001BDDAE96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
    Source: firefox.exe, 00000011.00000003.2457307702.000001BDDAE96000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
    Source: firefox.exe, 00000011.00000003.2489201560.000001BDD386A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2390482588.000001BDD386A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2487089280.000001BDD7961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2302216124.000001BDD386A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450274134.000001C3FBF12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3451619808.00000158CFF13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 00000011.00000003.2288755065.000001BDD9299000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
    Source: firefox.exe, 00000011.00000003.2288755065.000001BDD9299000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2291466457.000001BDDAB8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 00000011.00000003.2392318562.000001BDD3115000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 00000011.00000003.2507288525.000001BDD0DB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 00000011.00000003.2507288525.000001BDD0DBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2498663634.000001BDD1AE5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 00000011.00000003.2489201560.000001BDD386A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2390482588.000001BDD386A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2487089280.000001BDD7961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2302216124.000001BDD386A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450274134.000001C3FBF12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3451619808.00000158CFF13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 00000016.00000002.3451619808.00000158CFFC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 00000016.00000002.3451619808.00000158CFFC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000016.00000002.3451619808.00000158CFF30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 00000011.00000003.2504955214.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtabL
    Source: firefox.exe, 00000011.00000003.2504955214.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtabC
    Source: firefox.exe, 00000011.00000003.2504955214.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtabA
    Source: firefox.exe, 00000011.00000003.2504955214.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtabE
    Source: firefox.exe, 00000011.00000003.2504955214.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtabG
    Source: firefox.exe, 00000011.00000003.2504955214.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab?
    Source: firefox.exe, 00000011.00000003.2504955214.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtabN
    Source: firefox.exe, 00000016.00000002.3451619808.00000158CFFC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 00000011.00000003.2487089280.000001BDD7961000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tabL
    Source: firefox.exe, 00000011.00000003.2504955214.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtabI
    Source: firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
    Source: firefox.exe, 00000011.00000003.2504955214.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more/
    Source: firefox.exe, 00000016.00000002.3451619808.00000158CFFC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
    Source: firefox.exe, 00000011.00000003.2487089280.000001BDD7961000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS
    Source: firefox.exe, 00000011.00000003.2487089280.000001BDD7961000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendationsS7
    Source: firefox.exe, 00000011.00000003.2487089280.000001BDD7961000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=basic
    Source: firefox.exe, 00000011.00000003.2423042155.000001BDD7AC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2426851558.000001BDD7AC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query-all.ts
    Source: firefox.exe, 00000011.00000003.2423042155.000001BDD7AC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2426851558.000001BDD7AC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/lit/lit/blob/main/packages/reactive-element/src/decorators/query.ts
    Source: firefox.exe, 00000011.00000003.2254922991.000001BDCF931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254715542.000001BDCF90F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254261737.000001BDCF700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/uuidjs/uuid#getrandomvalues-not-supported
    Source: firefox.exe, 00000011.00000003.2487089280.000001BDD7961000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/zertosh/loose-envify)
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
    Source: firefox.exe, 00000011.00000003.2388951607.000001BDD38B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2320478994.000001BDD0C6D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2317422376.000001BDD10D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2488977247.000001BDD38B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324662690.000001BDD1B48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324258683.000001BDD1B50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2447845613.000001BDD38B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2323948016.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2317558371.000001BDD10D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2471661597.000001BDD9845000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2383483954.000001BDD9845000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2316862874.000001BDD10D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2320225046.000001BDD0C6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ib.absa.co.za/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/apps/oldsyncS
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/H
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/cmd/HCX
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryU
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://identity.mozilla.com/ids/ecosystem_telemetryUFj
    Source: firefox.exe, 00000011.00000003.2504955214.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://img-getpocket.cdn.mozilla.net/X
    Source: prefs-1.js.17.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
    Source: firefox.exe, 00000011.00000003.2510520508.000001BDD99BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2510520508.000001BDD99A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 00000011.00000003.2419249828.000001BDD089C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 00000011.00000003.2308213304.000001BDD38D0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2387401251.000001BDD38CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2447677561.000001BDD38CE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2488809921.000001BDD38CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: firefox.exe, 00000011.00000003.2510520508.000001BDD99BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2510520508.000001BDD99A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefox
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD80B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 00000011.00000003.2487089280.000001BDD7961000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: firefox.exe, 00000011.00000003.2285962165.000001BDD82F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD800B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2486235661.000001BDD801B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD80B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 00000013.00000002.3451936160.0000023CDBCE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450274134.000001C3FBFED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3455523483.00000158D0203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.17.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254715542.000001BDCF90F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2311167657.000001BDDAE41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254261737.000001BDCF700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 00000011.00000003.2384691803.000001BDD7FEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill
    Source: firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/eme-notifications-drm-content-playing-dismiss-acc
    Source: firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
    Source: firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD800B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2486235661.000001BDD801B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD800B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2486235661.000001BDD801B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
    Source: gmpopenh264.dll.tmp.17.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD80B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2283860391.000001BDD7DB9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2284778429.000001BDD7E11000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 00000011.00000003.2255246294.000001BDCF952000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254922991.000001BDCF931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254715542.000001BDCF90F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254261737.000001BDCF700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2487762289.000001BDD3964000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254715542.000001BDCF90F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254261737.000001BDCF700000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 00000011.00000003.2446126036.000001BDDC044000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2318386764.000001BDD1097000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 00000011.00000003.2311258750.000001BDD1040000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305271562.000001BDDACA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hulu.com/watch/
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD800B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2486235661.000001BDD801B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
    Source: firefox.exe, 00000011.00000003.2311258750.000001BDD1040000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305271562.000001BDDACA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD800B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2486235661.000001BDD801B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2285962165.000001BDD82F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD800B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2486235661.000001BDD801B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 00000011.00000003.2501842784.000001BDD98B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2383483954.000001BDD98B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2502650674.000001BDD984F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2382996209.000001BDD98E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2471661597.000001BDD984D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2471661597.000001BDD98B7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C22000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2312293494.000001BDD98B7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 00000011.00000003.2314030192.000001BDD80DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: firefox.exe, 00000011.00000003.2510520508.000001BDD99BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2510520508.000001BDD99A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
    Source: firefox.exe, 00000011.00000003.2288755065.000001BDD9299000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2291466457.000001BDDAB8E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 00000011.00000003.2510520508.000001BDD99BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2510520508.000001BDD99A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
    Source: firefox.exe, 00000011.00000003.2484478686.000001BDDADA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2470893900.000001BDDADA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2380645568.000001BDDAD9E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000011.00000003.2380645568.000001BDDAD9E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/subscription-services/
    Source: firefox.exe, 00000011.00000003.2313857567.000001BDD9373000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2510520508.000001BDD99BB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2502913836.000001BDD9372000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2510520508.000001BDD99A7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
    Source: firefox.exe, 00000013.00000002.3451936160.0000023CDBCC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450274134.000001C3FBFC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3451619808.00000158CFFF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
    Source: firefox.exe, 00000011.00000003.2504955214.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-contentP
    Source: firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
    Source: firefox.exe, 00000014.00000002.3450274134.000001C3FBFC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/Dl
    Source: firefox.exe, 00000011.00000003.2504955214.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/V
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD800B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2486235661.000001BDD801B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.olx.pl/
    Source: firefox.exe, 00000011.00000003.2473018727.000001BDD80B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
    Source: firefox.exe, 00000013.00000002.3451936160.0000023CDBCE8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450274134.000001C3FBFED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3455523483.00000158D0203000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.17.drString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
    Source: firefox.exe, 00000011.00000003.2507288525.000001BDD0DBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tiktok.com/
    Source: firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.wykop.pl/
    Source: firefox.exe, 00000011.00000003.2473732184.000001BDD7FEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450274134.000001C3FBF0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3451619808.00000158CFF0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: firefox.exe, 00000011.00000003.2487762289.000001BDD3964000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com
    Source: firefox.exe, 00000011.00000003.2489201560.000001BDD381B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2494028098.000001BDD21DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/
    Source: firefox.exe, 00000011.00000003.2491230184.000001BDD31CB000.00000004.00000800.00020000.00000000.sdmp, recovery.jsonlz4.tmp.17.drString found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000016.00000002.3454790991.00000158D0000000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://ac
    Source: firefox.exe, 00000016.00000002.3449827446.00000158CFB8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.googl
    Source: firefox.exe, 00000014.00000002.3448884221.000001C3FBD1A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3454790991.00000158D0004000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3449827446.00000158CFB8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000F.00000002.2242066320.0000020E893CF000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.2249246975.000001AEFA887000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000016.00000002.3449827446.00000158CFB8A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdM
    Source: firefox.exe, 00000013.00000002.3450236112.0000023CDB9B4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3451224862.0000023CDBA00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3449571670.000001C3FBDD4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3448884221.000001C3FBD10000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3454790991.00000158D0004000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3449827446.00000158CFB80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: firefox.exe, 00000016.00000002.3449827446.00000158CFB80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdY
    Source: firefox.exe, 00000011.00000003.2392318562.000001BDD3178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdh
    Source: firefox.exe, 00000014.00000002.3448884221.000001C3FBD10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdo
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009FEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009FED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009EAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_00A19576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

    System Summary

    Source: Pl8Tb06C8A.exe String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: Pl8Tb06C8A.exe, 00000001.00000000.2187792187.0000000000A42000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: Pl8Tb06C8A.exe String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 20_2_000001C3FC6038B7 NtQuerySystemInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 20_2_000001C3FC624432 NtQuerySystemInformation
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009ED5EB CreateFileW,DeviceIoControl,CloseHandle
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009E1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009EE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009F2046
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_00988060
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009E8298
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009BE4FF
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009B676B
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_00A14873
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009ACAA0
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_0098CAF0
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_0099CC39
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009B6DD9
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009891C0
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_0099B119
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009A1394
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009A781B
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_00987920
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_0099997D
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009A7A4A
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009A7CA7
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009B9EEE
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_00A0BE44
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 20_2_000001C3FC6038B7
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 20_2_000001C3FC624432
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 20_2_000001C3FC624472
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 20_2_000001C3FC624B5C
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: String function: 009A0A30 appears 46 times
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: String function: 0099F9F2 appears 40 times
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: String function: 00989CB3 appears 31 times
    Source: Pl8Tb06C8A.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine Classification label: mal80.troj.evad.winEXE@34/33@71/12
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009F37B5 GetLastError,FormatMessageW
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009E10BF AdjustTokenPrivileges,CloseHandle
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009E16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009F51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009ED4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009F648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Code function: 1_2_009842A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6928:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3560:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3704:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2332:120:WilError_03
    Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4016:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: Pl8Tb06C8A.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 00000011.00000003.2512076460.000001BDD93A7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2313513182.000001BDD93A7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE moz_places SET foreign_count = foreign_count - 1 WHERE id = OLD.place_id;
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 00000011.00000003.2392318562.000001BDD3115000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: Pl8Tb06C8A.exe ReversingLabs: Detection: 52%
    Source: Pl8Tb06C8A.exe Virustotal: Detection: 36%
    Source: unknown Process created: C:\Users\user\Desktop\Pl8Tb06C8A.exe "C:\Users\user\Desktop\Pl8Tb06C8A.exe"
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2224 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c90f90d-58dd-45ba-a7ab-eb51e3ea8e21} 6392 "\\.\pipe\gecko-crash-server-pipe.6392" 1bdbfa6e110 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2964 -parentBuildID 20230927232528 -prefsHandle 3988 -prefMapHandle 3356 -prefsLen 26322 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7c75143-5654-446b-bddb-adbf1f536fce} 6392 "\\.\pipe\gecko-crash-server-pipe.6392" 1bdd96bbd10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3532 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4984 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e250ea7-bfc2-4839-b39b-7047e5d75287} 6392 "\\.\pipe\gecko-crash-server-pipe.6392" 1bdd8083b10 utility
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: version.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: napinsp.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: wshbth.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: winrnr.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeSection loaded: sspicli.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeSection loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: Pl8Tb06C8A.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: Pl8Tb06C8A.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: Pl8Tb06C8A.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: Pl8Tb06C8A.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Pl8Tb06C8A.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: Pl8Tb06C8A.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: Pl8Tb06C8A.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.17.dr
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 00000011.00000003.2419983601.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 00000011.00000003.2422483459.000001BDCF49E000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: npmproxy.pdbUGP source: firefox.exe, 00000011.00000003.2424043119.000001BDCF4A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423444241.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 00000011.00000003.2419983601.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.17.dr
    Source: Binary string: npmproxy.pdb source: firefox.exe, 00000011.00000003.2424043119.000001BDCF4A0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423444241.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 00000011.00000003.2422483459.000001BDCF49E000.00000004.00000020.00020000.00000000.sdmp
    Source: Pl8Tb06C8A.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: Pl8Tb06C8A.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: Pl8Tb06C8A.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: Pl8Tb06C8A.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: Pl8Tb06C8A.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,1_2_009842DE
    Source: gmpopenh264.dll.tmp.17.drStatic PE information: section name: .rodata
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009A0A76 push ecx; ret 1_2_009A0A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_0099F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,1_2_0099F98E
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_00A11C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,1_2_00A11C41
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeProcess information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 20_2_000001C3FC6038B7 rdtsc 20_2_000001C3FC6038B7
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeAPI coverage: 3.8 %
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe TID: 5828Thread sleep count: 125 > 30
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exe TID: 5828Thread sleep count: 175 > 30
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009EDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,1_2_009EDBBE
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009BC2A2 FindFirstFileExW,1_2_009BC2A2
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009F68EE FindFirstFileW,FindClose,1_2_009F68EE
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009F698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,1_2_009F698F
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009ED076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_009ED076
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009ED3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,1_2_009ED3A9
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009F9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_009F9642
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009F979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,1_2_009F979D
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009F9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,1_2_009F9B2B
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009F5C97 FindFirstFileW,FindNextFileW,FindClose,1_2_009F5C97
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,1_2_009842DE
    Source: firefox.exe, 00000013.00000002.3456180858.0000023CDBE00000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllU
    Source: Pl8Tb06C8A.exe, 00000001.00000003.2284293838.000000000190B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3456180858.0000023CDBE00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3448884221.000001C3FBD1A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3454357175.000001C3FC4C0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3449827446.00000158CFB8A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000013.00000002.3455089823.0000023CDBD21000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000013.00000002.3451224862.0000023CDBA0A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0!
    Source: firefox.exe, 00000016.00000002.3455267171.00000158D0010000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWs$
    Source: firefox.exe, 00000013.00000002.3456180858.0000023CDBE00000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3454357175.000001C3FC4C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeProcess information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 20_2_000001C3FC6038B7 rdtsc 20_2_000001C3FC6038B7
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009FEAA2 BlockInput,1_2_009FEAA2
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009B2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_009B2622
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,1_2_009842DE
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009A4CE8 mov eax, dword ptr fs:[00000030h]1_2_009A4CE8
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009E0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,1_2_009E0B62
    Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009B2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_009B2622
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009A083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_009A083F
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009A09D5 SetUnhandledExceptionFilter,1_2_009A09D5
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009A0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_009A0C21
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009E1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,1_2_009E1201
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009C2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,1_2_009C2BA5
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009EB226 SendInput,keybd_event,1_2_009EB226
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_00A022DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,1_2_00A022DA
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009E0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,1_2_009E0B62
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009E1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,1_2_009E1663
    Source: Pl8Tb06C8A.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: Pl8Tb06C8A.exeBinary or memory string: Shell_TrayWnd
    Source: firefox.exe, 00000011.00000003.2402983607.000001BDDC801000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: hSoftware\Policies\Microsoft\Windows\PersonalizationNoChangingStartMenuBackgroundPersonalColors_BackgroundWilStaging_02RtlDisownModuleHeapAllocationRtlQueryFeatureConfigurationRtlRegisterFeatureConfigurationChangeNotificationRtlSubscribeWnfStateChangeNotificationRtlDllShutdownInProgressntdll.dllNtQueryWnfStateDataLocal\SM0:%d:%d:%hs_p0Local\SessionImmersiveColorPreferenceBEGINTHMthmfile\Sessions\%d\Windows\ThemeSectionMessageWindowendthemewndThemeApiConnectionRequest\ThemeApiPortwinsta0SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\PersonalizeAppsUseLightThemeSystemUsesLightThemedefaultshell\themes\uxtheme\render.cppCompositedWindow::WindowdeletedrcacheMDIClientSoftware\Microsoft\Windows\DWMColorPrevalenceSoftware\Microsoft\Windows\CurrentVersion\ImmersiveShellTabletModeMENUAccentColorSoftware\Microsoft\Windows\CurrentVersion\Explorer\AccentDefaultStartColorControl Panel\DesktopAutoColorizationAccentColorMenuStartColorMenuAutoColorSoftware\Microsoft\Windows\CurrentVersion\Themes\History\ColorsSoftware\Microsoft\Windows\CurrentVersion\Themes\HistoryAccentPaletteTab$Shell_TrayWndLocal\SessionImmersiveColorMutex
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009A0698 cpuid 1_2_009A0698
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009DD21C GetLocalTime,1_2_009DD21C
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009DD27A GetUserNameW,1_2_009DD27A
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009BB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,1_2_009BB952
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_009842DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,1_2_009842DE

    Stealing of Sensitive Information

    Source: Yara match; File source: Process Memory Space: Pl8Tb06C8A.exe PID: 3880, type: MEMORYSTR
    Source: Pl8Tb06C8A.exeBinary or memory string: WIN_81
    Source: Pl8Tb06C8A.exeBinary or memory string: WIN_XP
    Source: Pl8Tb06C8A.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: Pl8Tb06C8A.exeBinary or memory string: WIN_XPe
    Source: Pl8Tb06C8A.exeBinary or memory string: WIN_VISTA
    Source: Pl8Tb06C8A.exeBinary or memory string: WIN_7
    Source: Pl8Tb06C8A.exeBinary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara matchFile source: Process Memory Space: Pl8Tb06C8A.exe PID: 3880, type: MEMORYSTR
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_00A01204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,1_2_00A01204
    Source: C:\Users\user\Desktop\Pl8Tb06C8A.exeCode function: 1_2_00A01806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,1_2_00A01806
    ATT&CK matrix, one tactic per line (a number before a technique is the count shown beside it in the original matrix; techniques without a number are the matrix's unmatched placeholders):

    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
    Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
    Execution: 1 Windows Management Instrumentation; 1 Native API; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
    Persistence: 1 DLL Side-Loading; 2 Valid Accounts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
    Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 2 Valid Accounts; 21 Access Token Manipulation; 2 Process Injection; Startup Items; Scheduled Task/Job; At; Cron
    Defense Evasion: 2 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 1 Masquerading; 2 Valid Accounts; 11 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 2 Process Injection
    Credential Access: 21 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
    Discovery: 2 System Time Discovery; 1 Account Discovery; 2 File and Directory Discovery; 16 System Information Discovery; 131 Security Software Discovery; 11 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery; Network Service Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
    Collection: 1 Archive Collected Data; 21 Input Capture; 3 Clipboard Data; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
    Command and Control: 2 Ingress Tool Transfer; 12 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
    Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
    Behavior Graph ID: 1574272
    Sample: Pl8Tb06C8A.exe
    Startdate: 13/12/2024
    Architecture: WINDOWS
    Score: 80

    Start node: contacts youtube.com, youtube-ui.l.google.com and 34 other IPs or domains; signatures: Antivirus / Scanner detection for submitted sample, Multi AV Scanner detection for submitted file, Yara detected Credential Flusher, 3 other signatures; starts Pl8Tb06C8A.exe and firefox.exe (1).
    Pl8Tb06C8A.exe: signatures: Binary is likely a compiled AutoIt script file, Found API chain indicative of sandbox detection; starts taskkill.exe (1), taskkill.exe (1), taskkill.exe (1) and 3 other processes.
    firefox.exe (1): starts firefox.exe (3 211).
    taskkill.exe (each of the three): starts conhost.exe.
    firefox.exe (3 211): contacts youtube.com 142.250.181.110, 443, 49745, 49747 GOOGLEUS United States; prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49752, 49769, 49772 GOOGLEUS United States; 10 other IPs or domains; drops C:\Users\user\AppData\...\gmpopenh264.dll.tmp (PE32+) and C:\Users\user\...\gmpopenh264.dll (copy) (PE32+); starts firefox.exe (1), firefox.exe (1), firefox.exe (1).
    3 other processes: start conhost.exe, conhost.exe.

    Source | Detection | Scanner | Label | Link
    Pl8Tb06C8A.exe | 53% | ReversingLabs | Win32.Trojan.Amadey |
    Pl8Tb06C8A.exe | 37% | Virustotal | | Browse
    Pl8Tb06C8A.exe | 100% | Avira | TR/ATRAPS.Gen |
    Pl8Tb06C8A.exe | 100% | Joe Sandbox ML | |

    Source | Detection | Scanner | Label | Link
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | Virustotal | | Browse
    C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    http://ocsp.digiceIy | 0% | Avira URL Cloud | safe |
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    example.org | 93.184.215.14 | true | false | | high
    star-mini.c10r.facebook.com | 157.240.195.35 | true | false | | high
    prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | | high
    prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | | high
    twitter.com | 104.244.42.65 | true | false | | high
    prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | | high
    services.addons.mozilla.org | 151.101.129.91 | true | false | | high
    dyna.wikimedia.org | 185.15.58.224 | true | false | | high
    prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | | high
    contile.services.mozilla.com | 34.117.188.166 | true | false | | high
    youtube.com | 142.250.181.110 | true | false | | high
    prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | | high
    youtube-ui.l.google.com | 172.217.19.206 | true | false | | high
    us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | | high
    reddit.map.fastly.net | 151.101.129.140 | true | false | | high
    ipv4only.arpa | 192.0.0.171 | true | false | | high
    prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | | high
    push.services.mozilla.com | 34.107.243.93 | true | false | | high
    normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | | high
    telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | | high
    www.reddit.com | unknown | unknown | false | | high
    spocs.getpocket.com | unknown | unknown | false | | high
    content-signature-2.cdn.mozilla.net | unknown | unknown | false | | high
    support.mozilla.org | unknown | unknown | false | | high
    firefox.settings.services.mozilla.com | unknown | unknown | false | | high
    www.youtube.com | unknown | unknown | false | | high
    www.facebook.com | unknown | unknown | false | | high
    detectportal.firefox.com | unknown | unknown | false | | high
    normandy.cdn.mozilla.net | unknown | unknown | false | | high
    shavar.services.mozilla.com | unknown | unknown | false | | high
    www.wikipedia.org | unknown | unknown | false | | high
    Name | Source | Malicious | Antivirus Detection | Reputation
    https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 00000016.00000002.3451619808.00000158CFFC4000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://datastudio.google.com/embed/reporting/ | firefox.exe, 00000011.00000003.2324662690.000001BDD1B48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324258683.000001BDD1B50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2464421284.000001BDD01E4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2323948016.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp | false | | high
    http://www.mozilla.com0 | gmpopenh264.dll.tmp.17.dr | false | | high
    http://ocsp.digiceIy | firefox.exe, 00000011.00000003.2419441267.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2409019979.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423037235.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2424137375.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2400360596.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2398940710.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2410218050.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2411675644.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2403350394.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2407716142.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423444241.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2397323160.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2418115496.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2422593327.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2400943455.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2412865138.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2419983601.000001BDCF482000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2404546052.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2408488686.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2394582728.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2402084122.000001BDCF48C000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
    https://merino.services.mozilla.com/api/v1/suggest | firefox.exe, 00000013.00000002.3451936160.0000023CDBC73000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450274134.000001C3FBF86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3451619808.00000158CFF8F000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://json-schema.org/draft/2019-09/schema. | firefox.exe, 00000011.00000003.2484296560.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2304985319.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495059853.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2457510863.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://www.leboncoin.fr/ | firefox.exe, 00000011.00000003.2473018727.000001BDD800B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2486235661.000001BDD801B000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://spocs.getpocket.com/spocs | firefox.exe, 00000011.00000003.2503817471.000001BDD8030000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2384863282.000001BDD7C58000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill | firefox.exe, 00000011.00000003.2384691803.000001BDD7FEE000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://completion.amazon.com/search/complete?q= | firefox.exe, 00000011.00000003.2255246294.000001BDCF952000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254922991.000001BDCF931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254715542.000001BDCF90F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254261737.000001BDCF700000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://ads.stickyadstv.com/firefox-etp | firefox.exe, 00000011.00000003.2310052333.000001BDD0FFE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2292001223.000001BDDAE1F000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://identity.mozilla.com/ids/ecosystem_telemetryU | firefox.exe, 00000011.00000003.2506579216.000001BDD1A91000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://monitor.firefox.com/breach-details/ | firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://www.amazon.com/exec/obidos/external-search/ | firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254715542.000001BDCF90F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2311167657.000001BDDAE41000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254261737.000001BDCF700000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://github.com/mozilla-services/screenshots | firefox.exe, 00000011.00000003.2254922991.000001BDCF931000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254715542.000001BDCF90F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2254261737.000001BDCF700000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://services.addons.mozilla.org/api/v4/addons/addon/ | firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://tracking-protection-issues.herokuapp.com/new | firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report | firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://youtube.com/ | firefox.exe, 00000011.00000003.2489201560.000001BDD381B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2494028098.000001BDD21DB000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://json-schema.org/draft/2020-12/schema/= | firefox.exe, 00000011.00000003.2484296560.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2304985319.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2495059853.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2457510863.000001BDDAE14000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://youtube.com/account?=https://ac | firefox.exe, 00000016.00000002.3454790991.00000158D0000000.00000004.00000020.00020000.00000000.sdmp | false | | high
    https://www.instagram.com/ | firefox.exe, 00000011.00000003.2311258750.000001BDD1040000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305271562.000001BDDACA7000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report | firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://api.accounts.firefox.com/v1 | firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi | prefs-1.js.17.dr | false | | high
    https://www.amazon.com/ | firefox.exe, 00000011.00000003.2473018727.000001BDD80B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/ | firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | false | | high
    https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=118.0&pver=2.2 | firefox.exe, 00000011.00000003.2313857567.000001BDD9373000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections | firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmp | false | | high
    http://ocsp.rootca1.amazontrust.com0: | firefox.exe, 00000011.00000003.2303032873.000001BDD0EAF000.00000004.00000800.00020000.00000000.sdmp | false | | high
    https://www.youtube.com/ | firefox.exe, 00000011.00000003.2473732184.000001BDD7FEE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450274134.000001C3FBF0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3451619808.00000158CFF0C000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                                                                                                                          high
                                                                                                                                          https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 00000011.00000003.2324662690.000001BDD1B48000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324258683.000001BDD1B50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2323948016.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.bbc.co.uk/firefox.exe, 00000011.00000003.2473018727.000001BDD800B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2486235661.000001BDD801B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000016.00000002.3451619808.00000158CFFC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://127.0.0.1:firefox.exe, 00000011.00000003.2386375962.000001BDD3941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2487762289.000001BDD3941000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 00000011.00000003.2323948016.000001BDD1B42000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2324401372.000001BDD1B17000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 00000011.00000003.2430124687.000001BDDABD7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://bugzilla.mofirefox.exe, 00000011.00000003.2471521743.000001BDDAD38000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://mitmdetection.services.mozilla.com/firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000011.00000003.2292001223.000001BDDAE1F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://youtube.com/account?=firefox.exe, 00000011.00000003.2491230184.000001BDD31CB000.00000004.00000800.00020000.00000000.sdmp, recovery.jsonlz4.tmp.17.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://youtube.com/account?=https://accounts.googlfirefox.exe, 00000016.00000002.3449827446.00000158CFB8A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://spocs.getpocket.com/firefox.exe, 00000011.00000003.2503817471.000001BDD8030000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2390482588.000001BDD386A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2487089280.000001BDD7961000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2302216124.000001BDD386A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000014.00000002.3450274134.000001C3FBF12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000016.00000002.3451619808.00000158CFF13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://www.iqiyi.com/firefox.exe, 00000011.00000003.2473018727.000001BDD800B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2486235661.000001BDD801B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2285962165.000001BDD82F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://merino.services.mozilla.com/api/v1/suggestaboutfirefox.exe, 00000016.00000002.3451619808.00000158CFF8F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://a9.com/-/spec/opensearch/1.0/firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503596346.000001BDD809B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000011.00000003.2457307702.000001BDDAE96000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://monitor.firefox.com/user/dashboardfirefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://monitor.firefox.com/aboutfirefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://mozilla.org/MPL/2.0/.firefox.exe, 00000011.00000003.2314573474.000001BDD7BF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2262872751.000001BDCFED5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2256267264.000001BDCFA57000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2385294145.000001BDD7BF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2438726198.000001BDDABCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2423042155.000001BDD7AC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2261518927.000001BDCF2CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2468067658.000001BDD0F50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2306799294.000001BDD7BF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2260458181.000001BDCFEDC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2311258750.000001BDD104C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2301045102.000001BDDACC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2430124687.000001BDDABCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2475172275.000001BDCFEDD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2430697881.000001BDD9286000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2430124687.000001BDDABD7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2427086131.000001BDD7AB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000011.00000003.2314573474.000001BDD7B92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2482584803.000001BDCFED8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2305120155.000001BDDAD98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2417379326.000001BDD0183000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://account.bellmedia.cfirefox.exe, 00000011.00000003.2492908855.000001BDD2D13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://login.microsoftonline.comfirefox.exe, 00000011.00000003.2505720133.000001BDD2D32000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2492908855.000001BDD2D32000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://coverage.mozilla.orgfirefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.17.drfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          http://x1.c.lencr.org/0firefox.exe, 00000011.00000003.2303032873.000001BDD0EAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2458822211.000001BDD96EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2447580194.000001BDD96E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            http://x1.i.lencr.org/0firefox.exe, 00000011.00000003.2303032873.000001BDD0EAF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2458822211.000001BDD96EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2447580194.000001BDD96E4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              http://a9.com/-/spec/opensearch/1.1/firefox.exe, 00000011.00000003.2314298258.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2485555954.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2473018727.000001BDD8098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2503596346.000001BDD809B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://blocked.cdn.mozilla.net/firefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  https://json-schema.org/draft/2019-09/schemafirefox.exe, 00000011.00000003.2473018727.000001BDD800B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2486235661.000001BDD801B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://duckduckgo.com/?t=ffab&q=firefox.exe, 00000011.00000003.2314417460.000001BDD8093000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://profiler.firefox.comfirefox.exe, 00000013.00000002.3451548345.0000023CDBA40000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000014.00000002.3454057937.000001C3FC470000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000016.00000002.3451143939.00000158CFD30000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
Legend (share of contacted IPs per country; map graphic not reproduced):
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

IP               Domain                                                      Country        ASN     ASN Name                                 Malicious
34.149.100.209   prod.remote-settings.prod.webservices.mozgcp.net            United States  2686    ATGS-MMD-ASUS                            false
151.101.129.91   services.addons.mozilla.org                                 United States  54113   FASTLYUS                                 false
34.107.243.93    push.services.mozilla.com                                   United States  15169   GOOGLEUS                                 false
142.250.181.110  youtube.com                                                 United States  15169   GOOGLEUS                                 false
34.107.221.82    prod.detectportal.prod.cloudops.mozgcp.net                  United States  15169   GOOGLEUS                                 false
35.244.181.201   prod.balrog.prod.cloudops.mozgcp.net                        United States  15169   GOOGLEUS                                 false
34.117.188.166   contile.services.mozilla.com                                United States  139070  GOOGLE-AS-APGoogleAsiaPacificPteLtdSG    false
35.201.103.21    normandy-cdn.services.mozilla.com                           United States  15169   GOOGLEUS                                 false
35.190.72.216    prod.classify-client.prod.webservices.mozgcp.net            United States  15169   GOOGLEUS                                 false
34.160.144.191   prod.content-signature-chains.prod.webservices.mozgcp.net   United States  2686    ATGS-MMD-ASUS                            false
34.120.208.123   telemetry-incoming.r53-2.services.mozilla.com               United States  15169   GOOGLEUS                                 false
(Flag column contained images only and is omitted.)

IP
127.0.0.1
                                                                                                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                                                        Analysis ID:1574272
                                                                                                                                                                                                                                                                        Start date and time:2024-12-13 07:55:12 +01:00
                                                                                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                                                        Overall analysis duration:0h 7m 12s
                                                                                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 31
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Pl8Tb06C8A.exe (renamed because original name is a hash value)
Original Sample Name: 99a5714dc7fee4339e893fb116c78cda.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@34/33@71/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 49
• Number of non-executed functions: 295
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 54.213.181.160, 35.85.93.176, 44.228.225.150, 23.218.208.109, 172.217.17.46, 88.221.134.209, 88.221.134.155, 142.250.181.74, 142.250.181.106, 20.190.181.6, 20.31.169.57, 13.107.246.63, 150.171.27.10, 4.175.87.197, 20.199.58.43
• Excluded domains from analysis (whitelisted): ciscobinary.openh264.org, slscr.update.microsoft.com, incoming.telemetry.mozilla.org, tse1.mm.bing.net, a17.rackcdn.com.mdc.edgesuite.net, g.bing.com, aus5.mozilla.org, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, login.live.com, e16604.g.akamaiedge.net, safebrowsing.googleapis.com, prod.fs.microsoft.com.akadns.net, client.wns.windows.com, shavar.prod.mozaws.net, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, detectportal.prod.mozaws.net, fe3cr.delivery.mp.microsoft.com, location.services.mozilla.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
01:56:19 | API Interceptor | 1x Sleep call for process: firefox.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
34.117.188.166 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | file.exe | Get hash | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse |
34.117.188.166 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.117.188.166 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.149.100.209 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.129.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.129.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.129.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.129.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.129.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.129.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.129.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.129.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.129.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
151.101.129.91 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.160.144.191 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.160.144.191 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.160.144.191 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.160.144.191 | file.exe | Get hash | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse |
34.160.144.191 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.160.144.191 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.160.144.191 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.160.144.191 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.160.144.191 | file.exe | Get hash | malicious | Credential Flusher | Browse |
34.160.144.191 | file.exe | Get hash | malicious | Credential Flusher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
example.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
example.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
example.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
example.org | file.exe | Get hash | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | Browse | 93.184.215.14
example.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
example.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
example.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
example.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
example.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
example.org | file.exe | Get hash | malicious | Credential Flusher | Browse | 93.184.215.14
twitter.com | file.exe | malicious | Credential Flusher | 104.244.42.193
 | file.exe | malicious | Credential Flusher | 104.244.42.1
 | file.exe | malicious | Credential Flusher | 104.244.42.65
 | file.exe | malicious | Credential Flusher | 104.244.42.1
 | file.exe | malicious | Credential Flusher | 104.244.42.1
 | file.exe | malicious | Credential Flusher | 104.244.42.1
 | file.exe | malicious | Credential Flusher | 104.244.42.1
 | file.exe | malicious | Credential Flusher | 104.244.42.65
 | file.exe | malicious | Credential Flusher | 104.244.42.65
 | file.exe | malicious | Credential Flusher | 104.244.42.193
star-mini.c10r.facebook.com | file.exe | malicious | Credential Flusher | 157.240.196.35
 | file.exe | malicious | Credential Flusher | 157.240.196.35
 | file.exe | malicious | Credential Flusher | 157.240.196.35
 | file.exe | malicious | Credential Flusher | 157.240.196.35
 | file.exe | malicious | Credential Flusher | 157.240.196.35
 | file.exe | malicious | Credential Flusher | 157.240.196.35
 | file.exe | malicious | Credential Flusher | 157.240.196.35
 | file.exe | malicious | Credential Flusher | 157.240.196.35
 | file.exe | malicious | Credential Flusher | 157.240.196.35
 | file.exe | malicious | Credential Flusher | 157.240.196.35
Match | Associated Sample Name / URL | Detection | Threat Name | Context
GOOGLE-AS-AP Google Asia Pacific Pte Ltd (SG) | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.121.53
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
 | file.exe | malicious | Credential Flusher | 34.117.188.166
FASTLY (US) | file.exe | malicious | Credential Flusher | 151.101.65.91
 | greatattitudewithnicefeatruewithgreatnicecreamypurplethingsgood.hta | malicious | Cobalt Strike, Remcos | 151.101.1.137
 | goodthhingswithgreatcapitalthingsforgreatnewswithgoodmorng.hta | malicious | Cobalt Strike, FormBook | 151.101.1.137
 | creamkissingthingswithcreambananapackagecreamy.hta | malicious | Cobalt Strike, Remcos | 151.101.1.137
 | file.exe | malicious | Credential Flusher | 151.101.129.91
 | file.exe | malicious | Credential Flusher | 151.101.129.91
 | file.exe | malicious | Credential Flusher | 151.101.193.91
 | file.exe | malicious | Credential Flusher | 151.101.129.91
 | http://18.224.21.137/FFmnpShhHMMWeIqsVa2rJ69xinQlZ-7450 | malicious | Unknown | 151.101.194.137
 | file.exe | malicious | Credential Flusher | 151.101.129.91
                                                                                                                                                                                                                                                                                                                                                        ATGS-MMD-ASUSfile.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                        sparc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                        • 34.0.41.226
                                                                                                                                                                                                                                                                                                                                                        powerpc.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                        • 51.92.80.67
                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                        x86_32.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                        • 48.252.209.208
                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                        • 34.160.144.191
                                                                                                                                                                                                                                                                                                                                                        arm7.nn-20241213-0355.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                        • 56.211.75.194
Match: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Associated Sample Name / URL | SHA 256  | Detection | Threat Name        | Link   | Context
file.exe                     | Get hash | malicious | Credential Flusher | Browse |
file.exe                     | Get hash | malicious | Credential Flusher | Browse |
file.exe                     | Get hash | malicious | Credential Flusher | Browse |
file.exe                     | Get hash | malicious | Credential Flusher | Browse |
file.exe                     | Get hash | malicious | Credential Flusher | Browse |
file.exe                     | Get hash | malicious | Credential Flusher | Browse |
file.exe                     | Get hash | malicious | Credential Flusher | Browse |
file.exe                     | Get hash | malicious | Credential Flusher | Browse |
file.exe                     | Get hash | malicious | Credential Flusher | Browse |
file.exe                     | Get hash | malicious | Credential Flusher | Browse |
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):7946
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.17801765790314
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:192:ABMXwytcbhbVbTbfbRbObtbyEl7nbIFrBJA6unSrDtTkdxSofK:AihcNhnzFSJQr81nSrDhkdxm
                                                                                                                                                                                                                                                                                                                                                                            MD5:25B31F05B48ED919CA3AE86A97760904
                                                                                                                                                                                                                                                                                                                                                                            SHA1:45F75675E33E0C2060236B6E37CE5C912F58B942
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:59285F1ED6C3462A098E509DD7A8C8640C15FB6AA2541C479453B282753A79E1
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:B87BE90215032C859512E836F3DED0BBE6D44B1D7B77A856EE83E3EF31A0273547B470CE997EED99442B09E019A628E18CFC99714B91179C9F13D62B655572EA
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"type":"uninstall","id":"1e66535e-3c49-4d40-99b5-85796a500719","creationDate":"2024-12-13T08:16:54.437Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"7340e351-fad3-4a0f-b554-971fbfafe8fb","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.4593089050301797
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                                                                                                                                                                                                                                                                            MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                                                                                                                                                                                                                                                                            SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):453023
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):7.997718157581587
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                                                                                                                                                                                                                                                                            MD5:85430BAED3398695717B0263807CF97C
                                                                                                                                                                                                                                                                                                                                                                            SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):4419
Entropy (8bit):4.93268108915346
Encrypted:false
SSDEEP:96:gXiNFS+OcPUFEOdwNIOdwBjvYVbsLMc8P:gXiNFS+OcUGOdwiOdwBjkYLMc8P
MD5:C22651686458547DE93485192EFA69CA
SHA1:9499595CD1A18D07B7913F18D80385B280868621
SHA-256:1B487B4D9275FEE1C5A6E5E396EE22C724B9F81713A4F578EF26FD2D1FBF8207
SHA-512:A2C6A2CBB45AA93F40DFB6A21539B99A528523665EFACCB2CA2CBDC4B52F470096E07904BB2C024AE5E11AE509ECA2AA620134B7D7D89BEB6E39E50C26A29F22
Malicious:false
Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"treatment-a","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"enableBookmarksToolbar":"always"},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"d48f64a8-a4ab-4cdd-a650-4b386e41a201","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T06:20:35.557Z","featureIds":["bookmarks"],"prefs":[{"name":"browser.toolbars.bookmarks.visibility","branch":"user","featureId":"bookmarks","variable":"enableBookmarksToolbar","originalValue":null}],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-s
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 22422 bytes
Category:dropped
Size (bytes):5308
Entropy (8bit):6.599374203470186
Encrypted:false
SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
MD5:EB56C2F4DA9435F3D5574161F414CD17
SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
Malicious:false
Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):24
Entropy (8bit):3.91829583405449
Encrypted:false
SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:false
Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.04905141882491872
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                                            MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                                                                                                                                                                                                                                                                            SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                            MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                            SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                            MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                            SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.185052013683835
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3
                                                                                                                                                                                                                                                                                                                                                                            MD5:10E2D85FEF0DB266E519048D63617FA8
                                                                                                                                                                                                                                                                                                                                                                            SHA1:EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{87ef1fa3-cb84-4bbf-a615-45a1d14b629d}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.185052013683835
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:768:AI4wvfCXh496G4C4U1W4z4xuHhvp4N4Tc4Z4S4t24U:AruBv3
                                                                                                                                                                                                                                                                                                                                                                            MD5:10E2D85FEF0DB266E519048D63617FA8
                                                                                                                                                                                                                                                                                                                                                                            SHA1:EBB307C44EBEFFA271AC58FDDE5C3A1BA52AE7B0
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:92143A48F55639B5BD01385D0E4E78EDED4F84401A91C12AC06251EE188CFE0E
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:164CBE725B44020AD40D165A1B1C242A7016ED8933AB9502D0D38E6CD99887D9DF49533DE54068AA4E5D8476C7791B52518A8477B8961475B7CB2C3AF54B81B1
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{87ef1fa3-cb84-4bbf-a615-45a1d14b629d}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
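The File Type, hash, Entropy and Encrypted columns in these dropped-file records are all derived from the file bytes alone, so an analyst with a copy of the dropped file can recompute and cross-check them. The Python below is an added illustration, not code from the Joe Sandbox report: it parses the 100-byte SQLite 3 header (field offsets from the public SQLite file-format specification) and the mozLz4 header (8-byte magic "mozLz40\0" followed by a little-endian uint32 decompressed size) to rebuild the same libmagic-style File Type wording the report shows, and computes the 8-bit Shannon entropy and the four hash columns. The sample SQLite header and mozLz4 blob are constructed inline to carry the same field values as the records above; the ENCRYPTED_ENTROPY threshold is an assumption for this example and not the sandbox's documented rule.

```python
import hashlib
import json
import math
import struct

SQLITE_MAGIC = b"SQLite format 3\x00"
MOZLZ4_MAGIC = b"mozLz40\x00"
# Assumed threshold for flagging a file as "encrypted" (near-uniform bytes);
# the report's own rule for its Encrypted column is not documented here.
ENCRYPTED_ENTROPY = 7.9


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for all-identical bytes, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sqlite_header(data: bytes) -> dict:
    """Decode the 100-byte SQLite 3 header; every multi-byte field is big-endian."""
    if len(data) < 100 or not data.startswith(SQLITE_MAGIC):
        raise ValueError("not an SQLite 3 database")
    page_size = struct.unpack_from(">H", data, 16)[0]          # value 1 means 65536
    f = struct.unpack_from(">12I", data, 24)                    # offsets 24..71
    valid_for, sqlite_version = struct.unpack_from(">II", data, 92)
    encodings = {1: "UTF-8", 2: "UTF-16le", 3: "UTF-16be"}
    return {
        "page_size": 65536 if page_size == 1 else page_size,
        "change_counter": f[0],        # offset 24
        "pages": f[1],                 # offset 28
        "schema_cookie": f[4],         # offset 40
        "schema_format": f[5],         # offset 44
        "largest_root_page": f[7],     # offset 52 (auto-vacuum)
        "encoding": encodings.get(f[8], "unknown encoding"),  # offset 56
        "user_version": f[9],          # offset 60
        "vacuum_mode": f[10],          # offset 64 (incremental vacuum)
        "version_valid_for": valid_for,        # offset 92
        "sqlite_version": sqlite_version,      # offset 96, SQLITE_VERSION_NUMBER
    }


def describe(data: bytes) -> str:
    """libmagic-style one-line description in the wording of the report's File Type column."""
    if data.startswith(SQLITE_MAGIC):
        h = parse_sqlite_header(data)
        return (f"SQLite 3.x database, user version {h['user_version']}, "
                f"last written using SQLite version {h['sqlite_version']}, "
                f"page size {h['page_size']}, file counter {h['change_counter']}, "
                f"database pages {h['pages']}, cookie 0x{h['schema_cookie']:x}, "
                f"schema {h['schema_format']}, largest root page {h['largest_root_page']}, "
                f"{h['encoding']}, vacuum mode {h['vacuum_mode']}, "
                f"version-valid-for {h['version_valid_for']}")
    if data.startswith(MOZLZ4_MAGIC) and len(data) >= 12:
        original = struct.unpack_from("<I", data, 8)[0]         # decompressed size, LE
        return f"Mozilla lz4 compressed data, originally {original} bytes"
    try:
        json.loads(data.decode("utf-8"))   # whole buffer must be valid JSON
        return "JSON data"
    except (UnicodeDecodeError, ValueError):
        return "data"


def fingerprint(data: bytes) -> dict:
    """The per-file columns a sandbox dropped-files table reports, recomputed from the bytes."""
    ent = shannon_entropy(data)
    return {
        "size": len(data),
        "entropy": ent,
        "encrypted": ent >= ENCRYPTED_ENTROPY,
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
        "file_type": describe(data),
    }


def sample_sqlite_header() -> bytes:
    """Constructed 100-byte header with the same field values as the SQLite record above."""
    header = SQLITE_MAGIC
    header += struct.pack(">HBBBBBB", 32768, 1, 1, 0, 64, 32, 32)  # page size, versions, fractions
    header += struct.pack(">12I",
                          4,     # file change counter
                          8,     # database size in pages
                          0, 0,  # freelist trunk page, freelist page count
                          6,     # schema cookie
                          4,     # schema format number
                          0,     # default page cache size
                          8,     # largest root b-tree page
                          1,     # text encoding: UTF-8
                          5,     # user version
                          1,     # incremental-vacuum mode
                          0)     # application id
    header += b"\x00" * 20                         # reserved for expansion
    header += struct.pack(">II", 4, 3042000)       # version-valid-for, SQLITE_VERSION_NUMBER
    return header


if __name__ == "__main__":
    samples = {
        "sqlite": sample_sqlite_header() + b"\x00" * (262144 - 100),   # mostly empty pages
        "mozlz4": MOZLZ4_MAGIC + struct.pack("<I", 56) + b"\x00" * 54,
        "json": b'{"schema":6,"addons":[]}',
    }
    for name, blob in samples.items():
        fp = fingerprint(blob)
        print(name, fp["file_type"], round(fp["entropy"], 4), fp["sha256"])
```

The near-zero entropy of the 262144-byte SQLite file is explained by the header parse: eight 32768-byte pages of a freshly created database are almost entirely zero padding, which is why such a file is neither packed nor encrypted despite its size. For the mozLz4 entries, the size field is taken straight from the header and is what the report's "originally 56 bytes" refers to; decompressing the LZ4 block that follows would be needed to recover the JSON payload shown truncated in the Preview.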
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.07338695179673393
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkiB0:DLhesh7Owd4+jiB0
                                                                                                                                                                                                                                                                                                                                                                            MD5:E7D5839DCF527383B268F7BFA731CCDA
                                                                                                                                                                                                                                                                                                                                                                            SHA1:A7730210EF20B86C240FFE689672984510DC148F
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:3B5BC469298F9E77D166726896C9DF2F3D6D4B2802CEA07D70B75495CAB8449A
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:39416163ED17A430F1227447C33298F17109FA627958B8147691B3B09022D869115ED63CAF94362CFC3BFA8AF28FD1F8FA7D6A7DCCCCEC0EB726261D8DD0A1BC
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.035822017202226504
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:GtlstFDxTEwZPURVZ4iltlstFDxTEwZPURVZ4789//alEl:GtWtYwZ8ZptWtYwZ8ZG89XuM
                                                                                                                                                                                                                                                                                                                                                                            MD5:A87A28894199301003F9CD248E5A5462
                                                                                                                                                                                                                                                                                                                                                                            SHA1:57FAD14CF8C13147D597B4C8A0BBB516E9977609
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:B03B88FF785B5F788FCE89AC0597F51E7CE60CF86E70B7FEA4995E42EAD5D279
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:23148D206319A6CE6F1F65B301918C92E9B3DE8B99AB2572E5AB9569B0837532139BB590E95D68BE1297B37F57A2EC61A4FC39BAADCADD32AC3104CF0AF916C6
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:..-.......................t..!;*J6X..{P.}Y.0|/...-.......................t..!;*J6X..{P.}Y.0|/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):32824
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.035023022135915946
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:Ol1rnwTm3Pvnqhv7p5SrV//mwl8XW3R2:KR/s7qpuw93w
                                                                                                                                                                                                                                                                                                                                                                            MD5:A041D4FF7C2CC5060E876D8BF7C5D6B6
                                                                                                                                                                                                                                                                                                                                                                            SHA1:26E63C657AD8D2DFBABA6F285E03E3B4FBCC9E05
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:0F2F00813B038F95C8A135E59EB8E22DDFFC1FCBEA935410B7E98FFCC3526CC6
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:C9B379109E3108FB12DD39CF52FDE129CFEED1F66320489B60690F6F5D07BD30862680202A7C2859CB59E07510DCE8F43793C0404FB83558EFE677E6D6034144
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:7....-..........*J6X..{P-.M=6...........*J6X..{P.t..;!.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):14081
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.467265817995418
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:192:XnTFTRRUYbBp6JLZNMGaXJ6qU4P6zy+/3/78H5RYiNBw8daSl:jKesFNMUEKyCKdw10
                                                                                                                                                                                                                                                                                                                                                                            MD5:A456DF77925D0E567318669B6C39C7B6
                                                                                                                                                                                                                                                                                                                                                                            SHA1:2AC0DA81CECC1BA79037A20D77950A7A14DFE304
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:CDF33828151DB693F1D867F2394369286BF8B2C440AE40EC63D74D9774562F3A
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:097FEABF2CE73C05B55CBA64957245B39AAF5DD34C21F492D6C9FD57BF9BDEDBED9B9063B1D625735E769B32D4F2F974E193BB06432C8BCAF6C272C844CA789C
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734077784);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734077784);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734077784);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173407
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1717), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):14081
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):5.467265817995418
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:192:XnTFTRRUYbBp6JLZNMGaXJ6qU4P6zy+/3/78H5RYiNBw8daSl:jKesFNMUEKyCKdw10
                                                                                                                                                                                                                                                                                                                                                                            MD5:A456DF77925D0E567318669B6C39C7B6
                                                                                                                                                                                                                                                                                                                                                                            SHA1:2AC0DA81CECC1BA79037A20D77950A7A14DFE304
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:CDF33828151DB693F1D867F2394369286BF8B2C440AE40EC63D74D9774562F3A
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:097FEABF2CE73C05B55CBA64957245B39AAF5DD34C21F492D6C9FD57BF9BDEDBED9B9063B1D625735E769B32D4F2F974E193BB06432C8BCAF6C272C844CA789C
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "a24b7aae-efcd-4433-83ad-3649b8231e2d");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734077784);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734077784);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734077784);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173407
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):0.04062825861060003
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                                                                                                                                                                                                                                                                            MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                                                                                                                                                                                                                                                                            SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                            MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                            SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):90
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):4.194538242412464
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                                                                                                                                                                                                                                                                            MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                                                                                                                                                                                                                                                                            SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):1567
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.325124201327764
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:24:v+USUGlcAxSMuxLXnIgm/pnxQwRlszT5sKLs73eHVvwKXTDamhujJ6tOOxmOmaoy:GUpOxuxGnR6G3eNwCTD4J6tKRha
                                                                                                                                                                                                                                                                                                                                                                            MD5:B156A25B6447A24BAEB913DC6DB501C0
                                                                                                                                                                                                                                                                                                                                                                            SHA1:0886132A12C073787FDB6521BCE5CED2B0A508B5
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:640E49ADADDF5D4FDAE7835BD2A9794E26B206C9CB4515FD584FACE27293F5CC
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:BB71BF85D1BDEC2B9A5BEB9A3545EA98FEEA7FADF811A78A8F1F7CDE2A81519795ED7E60AF0613DE199F192E24ADD85BB14DD6857F28323D2D8605A9DB72A9A2
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{40d62b26-b2da-496f-a1ee-1332b86dae3a}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734077776608,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...46f3a197-db49-410a-81b3-94975c835573","zD..1...Wm..l........j..:....1":{..iUpdate...12,"startTim..P53589...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...57076,"originA..
                                                                                                                                                                                                                                                                                                                                                                            Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            File Type:Mozilla lz4 compressed data, originally 5861 bytes
                                                                                                                                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                                                                                                                                            Size (bytes):1567
                                                                                                                                                                                                                                                                                                                                                                            Entropy (8bit):6.325124201327764
                                                                                                                                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                            SSDEEP:24:v+USUGlcAxSMuxLXnIgm/pnxQwRlszT5sKLs73eHVvwKXTDamhujJ6tOOxmOmaoy:GUpOxuxGnR6G3eNwCTD4J6tKRha
                                                                                                                                                                                                                                                                                                                                                                            MD5:B156A25B6447A24BAEB913DC6DB501C0
                                                                                                                                                                                                                                                                                                                                                                            SHA1:0886132A12C073787FDB6521BCE5CED2B0A508B5
                                                                                                                                                                                                                                                                                                                                                                            SHA-256:640E49ADADDF5D4FDAE7835BD2A9794E26B206C9CB4515FD584FACE27293F5CC
                                                                                                                                                                                                                                                                                                                                                                            SHA-512:BB71BF85D1BDEC2B9A5BEB9A3545EA98FEEA7FADF811A78A8F1F7CDE2A81519795ED7E60AF0613DE199F192E24ADD85BB14DD6857F28323D2D8605A9DB72A9A2
                                                                                                                                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                                                                                                                                            Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{40d62b26-b2da-496f-a1ee-1332b86dae3a}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734077776608,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...46f3a197-db49-410a-81b3-94975c835573","zD..1...Wm..l........j..:....1":{..iUpdate...12,"startTim..P53589...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...Abfc0b67c202aaf415a5b7a51708a5c3270bb6f2f7664428a48797f00afbef6fc","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...57076,"originA..
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 4, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):4096
Entropy (8bit):2.042811512334329
Encrypted:false
SSDEEP:24:JBkSldh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jkSWEUo9LXtR+JdkOnohYsl
MD5:21235938025E2102017AC8C9748948A4
SHA1:A1EED1C4588724A8396C95FC9923C0A33B360FF8
SHA-256:E34B06B180E3F73DC8E441650BB7FE694A9D58E927412D6ED40B0852B784824E
SHA-512:D334B419A2A75179C17D7F53BF65FCC132ADE03B21059F0007ACDBB08284A281D8CE1C1CC598E6A070024D0DAE158E2E9618E121342BE068E87A051FE33D6061
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4411
Entropy (8bit):5.009442087863431
Encrypted:false
SSDEEP:48:YrSAYOdOZHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyk:ycPCTEr5NfJzzcBvbw6Kkvrc2Rn27
MD5:C16BCC1166F47CDEC643D706ADB7F648
SHA1:2EA6AB2A4C872B70BFEDAAA5D1B567111EAC8E2D
SHA-256:A3EAC8B2611B5BAF54846112FFBA8C7ED503F1E041256AB84F8386DFF929B92C
SHA-512:3D6B9958FFF13A33A72FA185CF70707BB3BF2C81E6DD468AF55E3B68D5CE5F5974C539C37FF878B23C730AB8E8C24640AA4C5630AFDF7357208926FC7D9CAA2E
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-13T08:16:15.154Z","profileAgeCreated":1696486829272,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4411
Entropy (8bit):5.009442087863431
Encrypted:false
SSDEEP:48:YrSAYOdOZHqUQZpExB1+anOdW6VhOGVpWJzzcsYMsku7f86SLAVL775FtsfAcbyk:ycPCTEr5NfJzzcBvbw6Kkvrc2Rn27
MD5:C16BCC1166F47CDEC643D706ADB7F648
SHA1:2EA6AB2A4C872B70BFEDAAA5D1B567111EAC8E2D
SHA-256:A3EAC8B2611B5BAF54846112FFBA8C7ED503F1E041256AB84F8386DFF929B92C
SHA-512:3D6B9958FFF13A33A72FA185CF70707BB3BF2C81E6DD468AF55E3B68D5CE5F5974C539C37FF878B23C730AB8E8C24640AA4C5630AFDF7357208926FC7D9CAA2E
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-13T08:16:15.154Z","profileAgeCreated":1696486829272,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.696224820991548
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:Pl8Tb06C8A.exe
File size:967'168 bytes
MD5:99a5714dc7fee4339e893fb116c78cda
SHA1:48a7ea54dfb0140b1d4128bcd08b73991985720f
SHA256:a7d0341c68a042cee111a854ae1008a83e6e979974db1565ea8397bfb55eccaa
SHA512:56ac5e0c3a72fdaafddf89444080bd22f67ef41666f94c20a029dcf98cb07261d85613125a378e6d965029ff68b90c906c6eab616c971a06364e55cce06dbe0e
SSDEEP:24576:DqDEvCTbMWu7rQYlBQcBiT6rprG8akzfF:DTvC/MTQYxsWR7akb
TLSH:57259E0273D1C062FF9B92334B5AF6515BBC69260123E61F13A81DB9BE701B1563E7A3
File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash:aaf3e3e3938382a0
Entrypoint:0x420577
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x6759A915 [Wed Dec 11 15:00:37 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:948cc502fe9226992dce9417f952fce3
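The static fields above (entrypoint, image base, timestamp, subsystem, the two characteristics flag sets and the absent Authenticode signature) all come straight from the PE headers, and it is worth being able to confirm them from the raw bytes rather than trusting the report. Note what the DLL Characteristics line does not list: NX_COMPAT and GUARD_CF, so the image opts out of DEP and Control Flow Guard even though it asks for ASLR via DYNAMIC_BASE. Below is an added example, not Joe Sandbox code and not part of the sample, that parses the DOS, COFF and PE32 optional headers with only the standard library, decodes those flags, converts the timestamp to UTC and lists the missing mitigation bits. `build_sample_header` is a constructed header carrying the values shown above for demonstration; it is not the sample's real bytes and has no sections or code.

```python
import struct
from datetime import datetime, timezone

# IMAGE_FILE_HEADER.Characteristics bits (subset)
FILE_CHARACTERISTICS = {
    0x0002: "EXECUTABLE_IMAGE",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x2000: "DLL",
}
# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (subset)
DLL_CHARACTERISTICS = {
    0x0040: "DYNAMIC_BASE",
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",
    0x0400: "NO_SEH",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
SUBSYSTEMS = {1: "native", 2: "windows gui", 3: "windows cui"}
# Bits a hardened modern build sets; their absence is worth a note during triage.
EXPECTED_MITIGATIONS = ["DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF"]


def _flags(value: int, table: dict) -> list:
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_headers(data: bytes) -> dict:
    """Read the DOS, COFF and PE32 optional headers from raw file bytes."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, _nsec, timestamp, _, _, _opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic != 0x10B:  # PE32 only; PE32+ (0x20B) has a 64-bit ImageBase and shifted offsets
        raise ValueError("not a PE32 optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    # Data directory 4 is IMAGE_DIRECTORY_ENTRY_SECURITY (the Authenticode blob);
    # PE32 data directories start at optional-header offset 96, 8 bytes each.
    sec_off, sec_size = struct.unpack_from("<II", data, opt + 96 + 4 * 8)
    return {
        "machine": machine,
        "timestamp_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "file_characteristics": _flags(characteristics, FILE_CHARACTERISTICS),
        "entrypoint": image_base + entry_rva,
        "image_base": image_base,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
        "has_authenticode": sec_off != 0 and sec_size != 0,
    }


def missing_mitigations(info: dict) -> list:
    """Mitigation bits from EXPECTED_MITIGATIONS that the image does not set."""
    return [m for m in EXPECTED_MITIGATIONS if m not in info["dll_characteristics"]]


def build_sample_header() -> bytes:
    """Constructed PE32 headers carrying the values the report lists (entrypoint
    0x420577, image base 0x400000, timestamp 0x6759A915, GUI subsystem,
    DYNAMIC_BASE|TERMINAL_SERVER_AWARE). Not the sample's real bytes: no sections."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 0x6759A915, 0, 0, 224, 0x0122)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 16, 0x20577)                # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x400000)               # ImageBase
    struct.pack_into("<HH", opt, 40, 5, 1)                  # OS version 5.1
    struct.pack_into("<HH", opt, 48, 5, 1)                  # subsystem version 5.1
    struct.pack_into("<HH", opt, 68, 2, 0x8040)             # GUI; DYNAMIC_BASE|TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    info = parse_pe_headers(build_sample_header())
    for key, value in info.items():
        print(f"{key}: {value}")
    print("missing mitigations:", missing_mitigations(info))
```

To run it against the real file, pass `open("Pl8Tb06C8A.exe", "rb").read()` to `parse_pe_headers`; the entrypoint, timestamp and flag lists should match the report lines above, and `has_authenticode` should come back False, matching "Digitally signed:false". A header-only timestamp is trivially forgeable, so treat the decoded date as a claim to correlate with the sandbox submission time, not as ground truth.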
Instruction
call 00007F0D04CDF973h
jmp 00007F0D04CDF27Fh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F0D04CDF45Dh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F0D04CDF42Ah
mov dword ptr [esi], 0049FE0Ch
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FE14h
mov dword ptr [ecx], 0049FE0Ch
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
and dword ptr [eax], 00000000h
and dword ptr [eax+04h], 00000000h
push eax
mov eax, dword ptr [ebp+08h]
add eax, 04h
push eax
call 00007F0D04CE201Dh
pop ecx
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
lea eax, dword ptr [ecx+04h]
mov dword ptr [ecx], 0049FDD0h
push eax
call 00007F0D04CE2068h
pop ecx
ret
push ebp
mov ebp, esp
push esi
mov esi, ecx
lea eax, dword ptr [esi+04h]
mov dword ptr [esi], 0049FDD0h
push eax
call 00007F0D04CE2051h
test byte ptr [ebp+08h], 00000001h
pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name                                 Virtual Address   Virtual Size   Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT         0x0               0x0
IMAGE_DIRECTORY_ENTRY_IMPORT         0xc8e64           0x17c          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE       0xd4000           0x15778        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION      0x0               0x0
IMAGE_DIRECTORY_ENTRY_SECURITY       0x0               0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC      0xea000           0x7594         .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG          0xb0ff0           0x1c           .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT      0x0               0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR      0x0               0x0
IMAGE_DIRECTORY_ENTRY_TLS            0xc3400           0x18           .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG    0xb1010           0x40           .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   0x0               0x0
IMAGE_DIRECTORY_ENTRY_IAT            0x9c000           0x894          .rdata
                                                                                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0x15778 | 0x15800 | a2331a272c6ef44f6e6a07545487aa4e | False | 0.6925077216569767 | data | 7.131379777374799 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xea000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9 |
| RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508 |
| RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xdc8fc | 0xc8fc | data | | | 1.0005053253517842 |
| RT_GROUP_ICON | 0xe91f8 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
| RT_GROUP_ICON | 0xe9270 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0xe9284 | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0xe9298 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0xe92ac | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0xe9388 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
| DLL | Import |
|---|---|
| WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
| VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
| MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
| WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
| PSAPI.DLL | GetProcessMemoryInfo |
| IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
| USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
| UxTheme.dll | IsThemeActive |
| KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
| USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
| GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
| COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
| ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
| SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
| OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |
Language of compilation system  Country where language is spoken  Map
English                         Great Britain
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 13, 2024 07:56:18.548401117 CET  49743        443        192.168.2.6      35.190.72.216
Dec 13, 2024 07:56:18.548455000 CET  443          49743      35.190.72.216    192.168.2.6
Dec 13, 2024 07:56:18.554848909 CET  49743        443        192.168.2.6      35.190.72.216
Dec 13, 2024 07:56:18.595500946 CET  49743        443        192.168.2.6      35.190.72.216
Dec 13, 2024 07:56:18.595525980 CET  443          49743      35.190.72.216    192.168.2.6
Dec 13, 2024 07:56:19.721963882 CET  49745        443        192.168.2.6      142.250.181.110
Dec 13, 2024 07:56:19.722007036 CET  443          49745      142.250.181.110  192.168.2.6
Dec 13, 2024 07:56:19.722703934 CET  49745        443        192.168.2.6      142.250.181.110
Dec 13, 2024 07:56:19.724455118 CET  49745        443        192.168.2.6      142.250.181.110
Dec 13, 2024 07:56:19.724473000 CET  443          49745      142.250.181.110  192.168.2.6
Dec 13, 2024 07:56:19.827307940 CET  443          49743      35.190.72.216    192.168.2.6
Dec 13, 2024 07:56:19.827517033 CET  49743        443        192.168.2.6      35.190.72.216
Dec 13, 2024 07:56:19.886169910 CET  49743        443        192.168.2.6      35.190.72.216
Dec 13, 2024 07:56:19.886189938 CET  443          49743      35.190.72.216    192.168.2.6
Dec 13, 2024 07:56:19.886346102 CET  49743        443        192.168.2.6      35.190.72.216
Dec 13, 2024 07:56:19.886475086 CET  443          49743      35.190.72.216    192.168.2.6
Dec 13, 2024 07:56:19.887343884 CET  49743        443        192.168.2.6      35.190.72.216
Dec 13, 2024 07:56:19.889878988 CET  49747        443        192.168.2.6      142.250.181.110
Dec 13, 2024 07:56:19.889914989 CET  443          49747      142.250.181.110  192.168.2.6
Dec 13, 2024 07:56:19.891340017 CET  49747        443        192.168.2.6      142.250.181.110
Dec 13, 2024 07:56:19.892857075 CET  49747        443        192.168.2.6      142.250.181.110
Dec 13, 2024 07:56:19.892884970 CET  443          49747      142.250.181.110  192.168.2.6
Dec 13, 2024 07:56:20.016305923 CET  49752        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:56:20.136007071 CET  80           49752      34.107.221.82    192.168.2.6
Dec 13, 2024 07:56:20.136761904 CET  49752        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:56:20.136987925 CET  49752        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:56:20.138562918 CET  49754        443        192.168.2.6      34.117.188.166
Dec 13, 2024 07:56:20.138611078 CET  443          49754      34.117.188.166   192.168.2.6
Dec 13, 2024 07:56:20.138811111 CET  49754        443        192.168.2.6      34.117.188.166
Dec 13, 2024 07:56:20.140252113 CET  49754        443        192.168.2.6      34.117.188.166
Dec 13, 2024 07:56:20.140268087 CET  443          49754      34.117.188.166   192.168.2.6
Dec 13, 2024 07:56:20.256675959 CET  80           49752      34.107.221.82    192.168.2.6
Dec 13, 2024 07:56:20.260040045 CET  49755        443        192.168.2.6      35.244.181.201
Dec 13, 2024 07:56:20.260094881 CET  443          49755      35.244.181.201   192.168.2.6
Dec 13, 2024 07:56:20.260402918 CET  49755        443        192.168.2.6      35.244.181.201
Dec 13, 2024 07:56:20.260402918 CET  49755        443        192.168.2.6      35.244.181.201
Dec 13, 2024 07:56:20.260443926 CET  443          49755      35.244.181.201   192.168.2.6
Dec 13, 2024 07:56:20.319056988 CET  49756        443        192.168.2.6      34.117.188.166
Dec 13, 2024 07:56:20.319094896 CET  443          49756      34.117.188.166   192.168.2.6
Dec 13, 2024 07:56:20.319793940 CET  49756        443        192.168.2.6      34.117.188.166
Dec 13, 2024 07:56:20.321589947 CET  49756        443        192.168.2.6      34.117.188.166
Dec 13, 2024 07:56:20.321607113 CET  443          49756      34.117.188.166   192.168.2.6
Dec 13, 2024 07:56:20.497585058 CET  49757        443        192.168.2.6      34.160.144.191
Dec 13, 2024 07:56:20.497658968 CET  443          49757      34.160.144.191   192.168.2.6
Dec 13, 2024 07:56:20.498142958 CET  49757        443        192.168.2.6      34.160.144.191
Dec 13, 2024 07:56:20.498322964 CET  49757        443        192.168.2.6      34.160.144.191
Dec 13, 2024 07:56:20.498334885 CET  443          49757      34.160.144.191   192.168.2.6
Dec 13, 2024 07:56:21.230756998 CET  80           49752      34.107.221.82    192.168.2.6
Dec 13, 2024 07:56:21.287875891 CET  49752        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:56:21.373411894 CET  443          49754      34.117.188.166   192.168.2.6
Dec 13, 2024 07:56:21.383347034 CET  443          49754      34.117.188.166   192.168.2.6
Dec 13, 2024 07:56:21.391537905 CET  49754        443        192.168.2.6      34.117.188.166
Dec 13, 2024 07:56:21.422286987 CET  443          49745      142.250.181.110  192.168.2.6
Dec 13, 2024 07:56:21.422765970 CET  49745        443        192.168.2.6      142.250.181.110
Dec 13, 2024 07:56:21.423053980 CET  443          49745      142.250.181.110  192.168.2.6
Dec 13, 2024 07:56:21.423758984 CET  49745        443        192.168.2.6      142.250.181.110
Dec 13, 2024 07:56:21.493434906 CET  443          49755      35.244.181.201   192.168.2.6
Dec 13, 2024 07:56:21.500336885 CET  49755        443        192.168.2.6      35.244.181.201
Dec 13, 2024 07:56:21.549604893 CET  443          49756      34.117.188.166   192.168.2.6
Dec 13, 2024 07:56:21.553124905 CET  49756        443        192.168.2.6      34.117.188.166
Dec 13, 2024 07:56:21.591337919 CET  443          49747      142.250.181.110  192.168.2.6
Dec 13, 2024 07:56:21.592081070 CET  443          49747      142.250.181.110  192.168.2.6
Dec 13, 2024 07:56:21.593450069 CET  49747        443        192.168.2.6      142.250.181.110
Dec 13, 2024 07:56:21.593461037 CET  443          49747      142.250.181.110  192.168.2.6
Dec 13, 2024 07:56:21.654198885 CET  49747        443        192.168.2.6      142.250.181.110
Dec 13, 2024 07:56:21.715498924 CET  443          49757      34.160.144.191   192.168.2.6
Dec 13, 2024 07:56:21.723334074 CET  443          49757      34.160.144.191   192.168.2.6
Dec 13, 2024 07:56:21.725176096 CET  49757        443        192.168.2.6      34.160.144.191
Dec 13, 2024 07:56:22.499788046 CET  49755        443        192.168.2.6      35.244.181.201
Dec 13, 2024 07:56:22.499810934 CET  443          49755      35.244.181.201   192.168.2.6
Dec 13, 2024 07:56:22.500220060 CET  443          49755      35.244.181.201   192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.515954018 CET49757443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.516001940 CET4434975734.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.516448021 CET4434975734.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.521100044 CET49745443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.521142960 CET44349745142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.521155119 CET49745443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.521382093 CET44349745142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.523334026 CET49747443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.523348093 CET44349747142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.523698092 CET44349747142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.523832083 CET49747443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.523838997 CET44349747142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.524223089 CET49754443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.524240971 CET4434975434.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.524637938 CET49766443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.524657011 CET44349766142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.524799109 CET4434975434.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.524816990 CET49754443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.524838924 CET4434975434.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.525912046 CET49767443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.525947094 CET4434976734.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.526839972 CET49755443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.526920080 CET49755443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.527055979 CET4434975535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.528067112 CET49756443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.528093100 CET4434975634.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.528294086 CET4434975634.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.528372049 CET49756443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.528383017 CET4434975634.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.528853893 CET49745443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.528881073 CET49766443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.528881073 CET49754443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.528980970 CET49747443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.529071093 CET49757443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.529131889 CET49757443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.529287100 CET4434975734.160.144.191192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.530508041 CET49766443192.168.2.6142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.530524969 CET44349766142.250.181.110192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.530781031 CET49755443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.530813932 CET49757443192.168.2.634.160.144.191
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.530813932 CET49767443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.532502890 CET49767443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.532516003 CET4434976734.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.701025963 CET4975280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.739345074 CET4434975634.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.739417076 CET49756443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.821126938 CET804975234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.821192026 CET4975280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.084114075 CET4976980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.204004049 CET804976934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.208336115 CET4976980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.242803097 CET4976980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.303090096 CET49771443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.303141117 CET4434977134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.304717064 CET4977280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.304884911 CET49771443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.306433916 CET49771443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.306453943 CET4434977134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.362524986 CET804976934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.424590111 CET804977234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.424671888 CET4977280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.424849033 CET4977280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.519815922 CET49773443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.519838095 CET4434977334.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:25.766365051 CET49781443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:25.770982981 CET49781443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:25.770999908 CET4434978134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:25.771120071 CET49781443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:25.771214008 CET4434978134.117.188.166192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:25.774297953 CET49781443192.168.2.634.117.188.166
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:29.202626944 CET4976980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:29.322403908 CET804976934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:29.521569014 CET804976934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:29.569734097 CET4976980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:34.522634029 CET4977280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:34.642359972 CET804977234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:36.872148991 CET4977280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:36.874248028 CET49813443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:36.874277115 CET4434981334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:36.874381065 CET49814443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:36.874408960 CET4434981434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:36.875555992 CET49813443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:36.875756025 CET49813443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:36.875763893 CET49814443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:36.875767946 CET4434981334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:36.875897884 CET49814443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:36.875917912 CET4434981434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:36.991945028 CET804977234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.012207031 CET49815443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.012232065 CET4434981534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.012296915 CET49815443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.013798952 CET49815443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.013813019 CET4434981534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.067898035 CET4977280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.186986923 CET804977234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.187807083 CET804977234.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.188626051 CET4977280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.188651085 CET4977280192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.805758953 CET4982180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.925455093 CET804982134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.932707071 CET4982180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.933320999 CET4982180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.950277090 CET49822443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.950292110 CET4434982234.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.950912952 CET49822443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.953361034 CET49822443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.953392029 CET4434982234.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.052958965 CET804982134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.088196993 CET4434981434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.088197947 CET4434981334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.088320017 CET49814443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.088320971 CET49813443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.091017962 CET49814443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.091032982 CET4434981434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.091336012 CET4434981434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.093806982 CET49813443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.093827963 CET4434981334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.094165087 CET4434981334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.097383022 CET49814443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.097471952 CET49814443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.097558975 CET49813443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.097608089 CET4434981434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.097623110 CET49813443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.097733021 CET4434981334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.097734928 CET49814443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.098037004 CET49813443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.223896980 CET4434981534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.223994017 CET49815443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.580096006 CET4434984435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.580113888 CET49844443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.580120087 CET4434984435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.580374956 CET49845443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.580400944 CET49844443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.585803986 CET4982180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.610327959 CET4434984635.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.610447884 CET49846443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.615849018 CET49846443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.615858078 CET4434984635.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.615943909 CET49846443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.616025925 CET4434984635.190.72.216192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.616139889 CET49846443192.168.2.635.190.72.216
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.696818113 CET44349847151.101.129.91192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.697000027 CET49847443192.168.2.6151.101.129.91
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.700248003 CET49847443192.168.2.6151.101.129.91
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.700256109 CET44349847151.101.129.91192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.700644970 CET44349847151.101.129.91192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.702967882 CET49847443192.168.2.6151.101.129.91
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.703077078 CET49847443192.168.2.6151.101.129.91
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.703149080 CET44349847151.101.129.91192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.703257084 CET49847443192.168.2.6151.101.129.91
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.705816031 CET804982134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.711528063 CET49854443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.711569071 CET4434985435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.711837053 CET49854443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.711968899 CET49854443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.711977005 CET4434985435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.713895082 CET49855443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.713928938 CET4434985535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.714421988 CET49855443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.714586020 CET49855443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.714601040 CET4434985535.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.716633081 CET49856443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.716653109 CET4434985635.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.716914892 CET49856443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.716984034 CET49856443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.716995001 CET4434985635.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.759412050 CET4434984835.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.761416912 CET49848443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.765726089 CET49848443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.765731096 CET4434984835.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.765830994 CET49848443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.765933037 CET4434984835.201.103.21192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.767729044 CET49848443192.168.2.635.201.103.21
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.784663916 CET49857443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.784706116 CET4434985734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.784809113 CET49857443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.784924984 CET49857443192.168.2.634.149.100.209
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.784940004 CET4434985734.149.100.209192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.900526047 CET804982134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.903868914 CET4976980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.941425085 CET4982180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.023674965 CET804976934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.218219995 CET804976934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.257980108 CET4976980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.732950926 CET49859443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.732980967 CET4434985934.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.733864069 CET49859443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.735296965 CET49859443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.735327959 CET4434985934.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.922987938 CET4434985435.244.181.201192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.923067093 CET49854443192.168.2.635.244.181.201
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.924521923 CET4434985535.244.181.201192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 13, 2024 07:56:49.924587011 CET | 49855 | 443 | 192.168.2.6 | 35.244.181.201
Dec 13, 2024 07:56:49.925918102 CET | 49854 | 443 | 192.168.2.6 | 35.244.181.201
Dec 13, 2024 07:56:49.925925970 CET | 443 | 49854 | 35.244.181.201 | 192.168.2.6
Dec 13, 2024 07:56:49.926161051 CET | 443 | 49854 | 35.244.181.201 | 192.168.2.6
Dec 13, 2024 07:56:49.926662922 CET | 443 | 49856 | 35.244.181.201 | 192.168.2.6
Dec 13, 2024 07:56:49.926731110 CET | 49856 | 443 | 192.168.2.6 | 35.244.181.201
Dec 13, 2024 07:56:49.928339958 CET | 49855 | 443 | 192.168.2.6 | 35.244.181.201
Dec 13, 2024 07:56:49.928356886 CET | 443 | 49855 | 35.244.181.201 | 192.168.2.6
Dec 13, 2024 07:56:49.928580999 CET | 443 | 49855 | 35.244.181.201 | 192.168.2.6
Dec 13, 2024 07:56:49.931332111 CET | 49856 | 443 | 192.168.2.6 | 35.244.181.201
Dec 13, 2024 07:56:49.931343079 CET | 443 | 49856 | 35.244.181.201 | 192.168.2.6
Dec 13, 2024 07:56:49.931586027 CET | 443 | 49856 | 35.244.181.201 | 192.168.2.6
Dec 13, 2024 07:56:49.934070110 CET | 49854 | 443 | 192.168.2.6 | 35.244.181.201
Dec 13, 2024 07:56:49.934205055 CET | 49854 | 443 | 192.168.2.6 | 35.244.181.201
Dec 13, 2024 07:56:49.934215069 CET | 443 | 49854 | 35.244.181.201 | 192.168.2.6
Dec 13, 2024 07:56:49.934999943 CET | 49855 | 443 | 192.168.2.6 | 35.244.181.201
Dec 13, 2024 07:56:49.934999943 CET | 49855 | 443 | 192.168.2.6 | 35.244.181.201
Dec 13, 2024 07:56:49.935149908 CET | 443 | 49855 | 35.244.181.201 | 192.168.2.6
Dec 13, 2024 07:56:49.935767889 CET | 49856 | 443 | 192.168.2.6 | 35.244.181.201
Dec 13, 2024 07:56:49.935821056 CET | 49856 | 443 | 192.168.2.6 | 35.244.181.201
Dec 13, 2024 07:56:49.935955048 CET | 443 | 49856 | 35.244.181.201 | 192.168.2.6
Dec 13, 2024 07:56:49.940109968 CET | 49854 | 443 | 192.168.2.6 | 35.244.181.201
Dec 13, 2024 07:56:49.940208912 CET | 49855 | 443 | 192.168.2.6 | 35.244.181.201
Dec 13, 2024 07:56:49.940208912 CET | 49856 | 443 | 192.168.2.6 | 35.244.181.201
Dec 13, 2024 07:56:49.940752029 CET | 49821 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:56:49.995986938 CET | 443 | 49857 | 34.149.100.209 | 192.168.2.6
Dec 13, 2024 07:56:49.996179104 CET | 49857 | 443 | 192.168.2.6 | 34.149.100.209
Dec 13, 2024 07:56:49.999197960 CET | 49857 | 443 | 192.168.2.6 | 34.149.100.209
Dec 13, 2024 07:56:49.999206066 CET | 443 | 49857 | 34.149.100.209 | 192.168.2.6
Dec 13, 2024 07:56:49.999533892 CET | 443 | 49857 | 34.149.100.209 | 192.168.2.6
Dec 13, 2024 07:56:50.001600981 CET | 49857 | 443 | 192.168.2.6 | 34.149.100.209
Dec 13, 2024 07:56:50.001717091 CET | 49857 | 443 | 192.168.2.6 | 34.149.100.209
Dec 13, 2024 07:56:50.001769066 CET | 443 | 49857 | 34.149.100.209 | 192.168.2.6
Dec 13, 2024 07:56:50.002048969 CET | 49857 | 443 | 192.168.2.6 | 34.149.100.209
Dec 13, 2024 07:56:50.060480118 CET | 80 | 49821 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:56:50.255052090 CET | 80 | 49821 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:56:50.258151054 CET | 49769 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:56:50.313832998 CET | 49821 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:56:50.377784014 CET | 80 | 49769 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:56:50.572344065 CET | 80 | 49769 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:56:50.614701986 CET | 49769 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:56:50.948916912 CET | 443 | 49859 | 34.107.243.93 | 192.168.2.6
Dec 13, 2024 07:56:50.949023962 CET | 49859 | 443 | 192.168.2.6 | 34.107.243.93
Dec 13, 2024 07:56:50.954915047 CET | 49859 | 443 | 192.168.2.6 | 34.107.243.93
Dec 13, 2024 07:56:50.954936028 CET | 443 | 49859 | 34.107.243.93 | 192.168.2.6
Dec 13, 2024 07:56:50.955045938 CET | 49859 | 443 | 192.168.2.6 | 34.107.243.93
Dec 13, 2024 07:56:50.955126047 CET | 443 | 49859 | 34.107.243.93 | 192.168.2.6
Dec 13, 2024 07:56:50.955265045 CET | 49859 | 443 | 192.168.2.6 | 34.107.243.93
Dec 13, 2024 07:56:50.957726955 CET | 49821 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:56:51.077440023 CET | 80 | 49821 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:56:51.271903992 CET | 80 | 49821 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:56:51.275147915 CET | 49769 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:56:51.316867113 CET | 49821 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:56:51.394963980 CET | 80 | 49769 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:56:51.590920925 CET | 80 | 49769 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:56:51.633290052 CET | 49769 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:57:01.276238918 CET | 49821 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:57:01.395917892 CET | 80 | 49821 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:57:01.592741966 CET | 49769 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:57:01.712596893 CET | 80 | 49769 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:57:05.895767927 CET | 49821 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:57:06.015568972 CET | 80 | 49821 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:57:06.210634947 CET | 80 | 49821 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:57:06.215557098 CET | 49769 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:57:06.253246069 CET | 49821 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:57:06.335365057 CET | 80 | 49769 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:57:06.529829025 CET | 80 | 49769 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:57:06.587656021 CET | 49769 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:57:10.965234041 CET | 49916 | 443 | 192.168.2.6 | 34.107.243.93
Dec 13, 2024 07:57:10.965276003 CET | 443 | 49916 | 34.107.243.93 | 192.168.2.6
Dec 13, 2024 07:57:10.965676069 CET | 49916 | 443 | 192.168.2.6 | 34.107.243.93
Dec 13, 2024 07:57:10.967097044 CET | 49916 | 443 | 192.168.2.6 | 34.107.243.93
Dec 13, 2024 07:57:10.967108011 CET | 443 | 49916 | 34.107.243.93 | 192.168.2.6
Dec 13, 2024 07:57:12.178309917 CET | 443 | 49916 | 34.107.243.93 | 192.168.2.6
Dec 13, 2024 07:57:12.178420067 CET | 49916 | 443 | 192.168.2.6 | 34.107.243.93
Dec 13, 2024 07:57:12.182687044 CET | 49916 | 443 | 192.168.2.6 | 34.107.243.93
Dec 13, 2024 07:57:12.182693005 CET | 443 | 49916 | 34.107.243.93 | 192.168.2.6
Dec 13, 2024 07:57:12.182784081 CET | 49916 | 443 | 192.168.2.6 | 34.107.243.93
Dec 13, 2024 07:57:12.182862997 CET | 443 | 49916 | 34.107.243.93 | 192.168.2.6
Dec 13, 2024 07:57:12.183670044 CET | 49916 | 443 | 192.168.2.6 | 34.107.243.93
Dec 13, 2024 07:57:12.185519934 CET | 49821 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:57:12.305223942 CET | 80 | 49821 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:57:12.499855042 CET | 80 | 49821 | 34.107.221.82 | 192.168.2.6
Dec 13, 2024 07:57:12.503163099 CET | 49769 | 80 | 192.168.2.6 | 34.107.221.82
Dec 13, 2024 07:57:12.546217918 CET | 49821 | 80 | 192.168.2.6 | 34.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:12.622946024 CET804976934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:12.817545891 CET804976934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:12.865365028 CET4976980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.866436958 CET49932443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.866466045 CET4434993234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.866656065 CET49933443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.866707087 CET4434993334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.866919041 CET49934443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.866929054 CET4434993434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.867038012 CET49935443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.867057085 CET4434993534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.867283106 CET49936443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.867305040 CET49937443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.867331028 CET4434993634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.867347002 CET4434993734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.867877007 CET49932443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.867912054 CET49937443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.867916107 CET49933443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.867916107 CET49935443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.867978096 CET49934443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.867979050 CET49932443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.867986917 CET49936443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.868006945 CET4434993234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.868184090 CET49933443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.868200064 CET4434993334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.868211985 CET49937443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.868231058 CET4434993734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.868278027 CET49936443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.868294001 CET4434993634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.868366003 CET49935443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.868383884 CET4434993534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.868463993 CET49934443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.868475914 CET4434993434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.080809116 CET4434993234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.080945015 CET49932443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.084362984 CET49932443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.084376097 CET4434993234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.084539890 CET4434993534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.084616899 CET49935443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.084661961 CET4434993234.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.084949970 CET4434993634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.084963083 CET4434993734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.085063934 CET49937443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.085148096 CET49936443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.086014986 CET4434993434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.086894989 CET4434993334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.087167025 CET49935443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.087182999 CET4434993534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.087465048 CET49934443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.087467909 CET49933443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.087681055 CET4434993534.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.090444088 CET49933443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.090451002 CET4434993334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.090770960 CET4434993334.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.092740059 CET49937443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.092757940 CET4434993734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.092979908 CET4434993734.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.095201969 CET49936443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.095221996 CET4434993634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.095555067 CET4434993634.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.097420931 CET49934443192.168.2.634.120.208.123
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.097443104 CET4434993434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.097749949 CET4434993434.120.208.123192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:19.102058887 CET49932443192.168.2.634.120.208.123
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 13, 2024 07:57:19.102222919 CET  443          49932      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:19.102704048 CET  49932        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.102727890 CET  443          49932      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:19.103444099 CET  49941        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.103501081 CET  443          49941      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:19.113389969 CET  49935        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.113389969 CET  49935        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.113790989 CET  443          49935      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:19.113835096 CET  49942        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.113867044 CET  443          49942      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:19.114147902 CET  49933        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.114149094 CET  49933        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.114406109 CET  443          49933      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:19.114559889 CET  49937        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.114710093 CET  443          49937      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:19.114742041 CET  49937        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.114753008 CET  443          49937      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:19.116489887 CET  49936        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.116681099 CET  49936        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.116722107 CET  443          49936      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:19.117014885 CET  49934        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.117014885 CET  49934        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.117405891 CET  443          49934      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:19.117619991 CET  49934        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.117680073 CET  49935        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.117711067 CET  49933        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.117711067 CET  49942        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.117712975 CET  49941        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.117861032 CET  49941        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.117878914 CET  443          49941      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:19.117950916 CET  49942        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.117959976 CET  443          49942      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:19.118350983 CET  49936        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.118443966 CET  49934        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.121062040 CET  49821        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:57:19.240781069 CET  80           49821      34.107.221.82    192.168.2.6
Dec 13, 2024 07:57:19.307328939 CET  443          49932      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:19.307388067 CET  49932        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.319384098 CET  443          49937      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:19.319502115 CET  49937        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:19.436028957 CET  80           49821      34.107.221.82    192.168.2.6
Dec 13, 2024 07:57:19.439456940 CET  49769        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:57:19.489433050 CET  49821        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:57:19.559185028 CET  80           49769      34.107.221.82    192.168.2.6
Dec 13, 2024 07:57:19.753802061 CET  80           49769      34.107.221.82    192.168.2.6
Dec 13, 2024 07:57:19.805824995 CET  49769        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:57:20.328421116 CET  443          49942      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:20.328515053 CET  49942        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:20.330177069 CET  443          49941      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:20.330193043 CET  443          49941      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:20.330311060 CET  49941        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:20.331835032 CET  49942        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:20.331851959 CET  443          49942      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:20.332077980 CET  443          49942      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:20.334367990 CET  49941        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:20.334378004 CET  443          49941      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:20.334615946 CET  443          49941      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:20.337862968 CET  49942        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:20.337989092 CET  49942        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:20.338004112 CET  443          49942      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:20.338059902 CET  49941        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:20.338198900 CET  443          49941      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:20.338241100 CET  49941        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:20.338254929 CET  443          49941      34.120.208.123   192.168.2.6
Dec 13, 2024 07:57:20.338268042 CET  49942        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:20.338306904 CET  49941        443        192.168.2.6      34.120.208.123
Dec 13, 2024 07:57:20.340761900 CET  49821        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:57:20.460431099 CET  80           49821      34.107.221.82    192.168.2.6
Dec 13, 2024 07:57:20.656409979 CET  80           49821      34.107.221.82    192.168.2.6
Dec 13, 2024 07:57:20.659430981 CET  49769        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:57:20.708455086 CET  49821        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:57:20.779278994 CET  80           49769      34.107.221.82    192.168.2.6
Dec 13, 2024 07:57:20.973723888 CET  80           49769      34.107.221.82    192.168.2.6
Dec 13, 2024 07:57:21.024959087 CET  49769        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:57:30.665214062 CET  49821        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:57:30.785062075 CET  80           49821      34.107.221.82    192.168.2.6
Dec 13, 2024 07:57:30.981734037 CET  49769        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:57:31.101512909 CET  80           49769      34.107.221.82    192.168.2.6
Dec 13, 2024 07:57:40.795283079 CET  49821        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:57:40.915054083 CET  80           49821      34.107.221.82    192.168.2.6
Dec 13, 2024 07:57:41.111799002 CET  49769        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:57:41.231512070 CET  80           49769      34.107.221.82    192.168.2.6
Dec 13, 2024 07:57:50.925128937 CET  49821        80         192.168.2.6      34.107.221.82
Dec 13, 2024 07:57:51.044910908 CET  80           49821      34.107.221.82    192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:51.241630077 CET4976980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:51.361665010 CET804976934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:52.741305113 CET50018443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:52.741331100 CET4435001834.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:52.741719007 CET50018443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:52.743197918 CET50018443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:52.743211985 CET4435001834.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:53.953474998 CET4435001834.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:53.953587055 CET50018443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:53.958369017 CET50018443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:53.958380938 CET4435001834.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:53.958483934 CET50018443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:53.958520889 CET4435001834.107.243.93192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:53.959335089 CET50018443192.168.2.634.107.243.93
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:53.961072922 CET4982180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:54.080749035 CET804982134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:54.275285959 CET804982134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:54.279336929 CET4976980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:54.319458961 CET4982180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:54.399007082 CET804976934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:54.593573093 CET804976934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:54.635921955 CET4976980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:58:04.279952049 CET4982180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:58:04.399882078 CET804982134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:58:04.596674919 CET4976980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:58:04.716485977 CET804976934.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:58:14.410336971 CET4982180192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:58:14.530132055 CET804982134.107.221.82192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:58:14.726849079 CET4976980192.168.2.634.107.221.82
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:58:14.846688032 CET804976934.107.221.82192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.710731030 CET5436353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:22.848225117 CET53493461.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.242630005 CET5298253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.381033897 CET53529821.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.381799936 CET5481053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:23.519067049 CET53548101.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:24.182521105 CET5413153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:24.313090086 CET6065653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:24.319813967 CET53541311.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:24.397716045 CET6326853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:24.455638885 CET53606561.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:24.495222092 CET5630053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:24.535183907 CET53632681.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:24.562517881 CET6129853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:24.639358997 CET53563001.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:24.699909925 CET53612981.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:29.251703024 CET6294653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:29.390224934 CET53629461.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:31.009242058 CET5755153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:31.147290945 CET53575511.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:31.150197029 CET5907053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:31.485752106 CET53590701.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:36.872958899 CET5913553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:36.874907017 CET6186553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.011015892 CET5122753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.012661934 CET53618651.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.656796932 CET5315453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.657067060 CET5891853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.657311916 CET6231453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.659473896 CET6135953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.793797016 CET53531541.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.794507980 CET53589181.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.794981956 CET5521253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.795166016 CET5915353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.795166016 CET53623141.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.795742989 CET6199753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.932687044 CET53591531.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934097052 CET5742553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934134960 CET53619971.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934185028 CET53552121.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934689999 CET5239753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934977055 CET5437153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.072541952 CET53574251.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.072571993 CET53543711.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.072587013 CET53523971.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.073507071 CET6379453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.073719978 CET5396653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.073954105 CET5961853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.211608887 CET53637941.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.211726904 CET53539661.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.218941927 CET5181953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.220731974 CET5614453192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.221484900 CET5617853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.356373072 CET53518191.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.357409954 CET6334153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.360512018 CET5041653192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.428566933 CET53561441.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.429442883 CET6552753192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.494680882 CET53633411.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.497675896 CET53504161.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.568536043 CET53655271.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:39.180038929 CET6465953192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.285948992 CET5394853192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.305969954 CET5559553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.395587921 CET5226053192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.480348110 CET53539481.1.1.1192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 13, 2024 07:56:47.480426073 CET | 53 | 55595 | 1.1.1.1 | 192.168.2.6
Dec 13, 2024 07:56:47.481798887 CET | 49492 | 53 | 192.168.2.6 | 1.1.1.1
Dec 13, 2024 07:56:47.533833027 CET | 53 | 52260 | 1.1.1.1 | 192.168.2.6
Dec 13, 2024 07:56:47.535192966 CET | 54698 | 53 | 192.168.2.6 | 1.1.1.1
Dec 13, 2024 07:56:47.619981050 CET | 53 | 49492 | 1.1.1.1 | 192.168.2.6
Dec 13, 2024 07:56:47.620876074 CET | 54979 | 53 | 192.168.2.6 | 1.1.1.1
Dec 13, 2024 07:56:47.675183058 CET | 53 | 54698 | 1.1.1.1 | 192.168.2.6
Dec 13, 2024 07:56:47.679156065 CET | 61874 | 53 | 192.168.2.6 | 1.1.1.1
Dec 13, 2024 07:56:47.758368015 CET | 53 | 54979 | 1.1.1.1 | 192.168.2.6
Dec 13, 2024 07:56:47.908256054 CET | 53 | 61874 | 1.1.1.1 | 192.168.2.6
Dec 13, 2024 07:56:49.592569113 CET | 49451 | 53 | 192.168.2.6 | 1.1.1.1
Dec 13, 2024 07:56:49.731758118 CET | 53 | 49451 | 1.1.1.1 | 192.168.2.6
Dec 13, 2024 07:56:49.733798027 CET | 64125 | 53 | 192.168.2.6 | 1.1.1.1
Dec 13, 2024 07:56:49.871141911 CET | 53 | 64125 | 1.1.1.1 | 192.168.2.6
Dec 13, 2024 07:57:10.965456963 CET | 65090 | 53 | 192.168.2.6 | 1.1.1.1
Dec 13, 2024 07:57:11.102689981 CET | 53 | 65090 | 1.1.1.1 | 192.168.2.6
Dec 13, 2024 07:57:17.868413925 CET | 53197 | 53 | 192.168.2.6 | 1.1.1.1
Dec 13, 2024 07:57:18.007460117 CET | 53 | 53197 | 1.1.1.1 | 192.168.2.6
Dec 13, 2024 07:57:52.602128983 CET | 57330 | 53 | 192.168.2.6 | 1.1.1.1
Dec 13, 2024 07:57:52.740031958 CET | 53 | 57330 | 1.1.1.1 | 192.168.2.6
Dec 13, 2024 07:57:52.741374016 CET | 62609 | 53 | 192.168.2.6 | 1.1.1.1
Dec 13, 2024 07:57:52.880758047 CET | 53 | 62609 | 1.1.1.1 | 192.168.2.6
Dec 13, 2024 07:57:53.961448908 CET | 49974 | 53 | 192.168.2.6 | 1.1.1.1
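The UDP rows above and the DNS rows below are easy to read by eye but awkward to process, because a text export of the report runs the cells together with no delimiter: ports fuse with IPs ("53555951.1.1.1192.168.2.6") and two IPs fuse with each other ("192.168.2.61.1.1.1"), and a naive regex will split those at the wrong digit. The following Python is an added example, not Joe Sandbox code: it parses both row types by constraining the split with the two endpoints visible in the tables (192.168.2.6 and 1.1.1.1, taken as the analysis VM and its resolver) and with the fact that the resolver side of a DNS exchange is port 53, refusing any row where that still leaves more than one reading. It also normalises the Type column (the report labels A but prints AAAA as the bare RR type number 28) and deduplicates the queried names, setting aside those under Mozilla-owned suffixes that Firefox contacts on its own; that suffix list is an assumption of the example, and everything else is left for the analyst. The sample rows are copies of rows from these tables.

```python
"""Parse the 'UDP Packets' and 'DNS Queries' tables of a Joe Sandbox text export.

Added example, not Joe Sandbox code. In the text export the table cells are
run together with no delimiter, so IPs and ports fuse: '53555951.1.1.1192.168.2.6'
is src port 53, dst port 55595, 1.1.1.1 -> 192.168.2.6. That split is ambiguous
in general, so the parser constrains it with the endpoints known from this
report and with the fact that the resolver side of a DNS exchange is port 53.
"""
import re
from itertools import permutations

# Known from this report's tables: the analysis VM and the resolver it queries.
SANDBOX_VM = "192.168.2.6"
RESOLVER = "1.1.1.1"
KNOWN_HOSTS = (SANDBOX_VM, RESOLVER)

TS = r"[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+ [A-Z]{3,4}"
TS_RE = re.compile(TS)
# Joe Sandbox prints transaction IDs as lowercase hex, which is what lets the
# greedy txid group stop before the 'S' of 'Standard query'.
DNS_RE = re.compile(
    "^(?P<ts>" + TS + r")(?P<ips>[\d.]+)(?P<txid>0x[0-9a-f]+)"
    r"(?P<op>[A-Za-z ]+\(\d+\))(?P<name>[A-Za-z0-9.-]+?)"
    r"(?P<qtype>\d+|[A-Z]+ \([^)]*\))(?P<qclass>[A-Z]+ \(0x[0-9a-f]+\))"
    r"(?P<doh>true|false)$"
)
# The report labels A ("A (IP address)") but prints AAAA as the bare number 28.
QTYPE_NAMES = {"1": "A", "28": "AAAA"}
# Mozilla-owned infrastructure Firefox contacts by itself (assumed list, not
# from the report); anything else is left for the analyst to judge.
BROWSER_INFRA = ("mozilla.com", "mozilla.org", "mozilla.net", "mozgcp.net",
                 "firefox.com", "getpocket.com")


def split_fused_ips(fused):
    """Split two IPv4 addresses printed back to back, e.g. '192.168.2.61.1.1.1'."""
    hits = [(a, b) for a, b in permutations(KNOWN_HOSTS, 2) if a + b == fused]
    if len(hits) != 1:
        raise ValueError(f"cannot split {fused!r} unambiguously: {hits}")
    return hits[0]


def parse_udp_row(row):
    """'<ts><src port><dst port><src ip><dst ip>' with no delimiters -> dict."""
    m = TS_RE.match(row)
    if not m:
        raise ValueError(f"no timestamp in {row!r}")
    ts, rest = m.group(0), row[m.end():]
    hits = []
    for src_ip, dst_ip in permutations(KNOWN_HOSTS, 2):
        tail = src_ip + dst_ip
        if not rest.endswith(tail):
            continue
        ports = rest[: -len(tail)]
        for cut in range(1, len(ports)):
            a, b = ports[:cut], ports[cut:]
            if b.startswith("0"):  # ports are printed without leading zeros
                continue
            sp, dp = int(a), int(b)
            if not (1 <= sp <= 65535 and 1 <= dp <= 65535):
                continue
            # The resolver side of a DNS exchange is port 53; that fixes the cut.
            if (src_ip == RESOLVER and sp == 53) or (dst_ip == RESOLVER and dp == 53):
                hits.append((sp, dp, src_ip, dst_ip))
    if len(hits) != 1:
        raise ValueError(f"ambiguous or unparseable UDP row {row!r}: {hits}")
    sp, dp, src_ip, dst_ip = hits[0]
    return {"ts": ts, "src_port": sp, "dst_port": dp, "src_ip": src_ip, "dst_ip": dst_ip}


def parse_dns_row(row):
    """One 'DNS Queries' row -> dict with a normalised RR type mnemonic."""
    m = DNS_RE.match(row)
    if not m:
        raise ValueError(f"unparseable DNS row {row!r}")
    src_ip, dst_ip = split_fused_ips(m["ips"])
    raw = m["qtype"]
    qtype = QTYPE_NAMES.get(raw, "TYPE" + raw) if raw.isdigit() else raw.split(" ", 1)[0]
    return {"ts": m["ts"], "src_ip": src_ip, "dst_ip": dst_ip, "txid": int(m["txid"], 16),
            "op": m["op"], "name": m["name"], "qtype": qtype, "doh": m["doh"] == "true"}


def is_browser_infra(name):
    return any(name == d or name.endswith("." + d) for d in BROWSER_INFRA)


def triage(dns_rows):
    """Deduplicate queried names and set aside Firefox's own infrastructure."""
    names = sorted({parse_dns_row(r)["name"] for r in dns_rows})
    return {"browser_infra": [n for n in names if is_browser_infra(n)],
            "other": [n for n in names if not is_browser_infra(n)]}


# Rows copied from the report's tables, as they read in the text export.
UDP_ROWS = [
    "Dec 13, 2024 07:56:47.480426073 CET53555951.1.1.1192.168.2.6",
    "Dec 13, 2024 07:56:47.481798887 CET4949253192.168.2.61.1.1.1",
    "Dec 13, 2024 07:57:52.602128983 CET5733053192.168.2.61.1.1.1",
    "Dec 13, 2024 07:57:52.740031958 CET53573301.1.1.1192.168.2.6",
]
DNS_ROWS = [
    "Dec 13, 2024 07:56:18.550333977 CET192.168.2.61.1.1.10x1df2Standard query (0)prod.classify-client.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false",
    "Dec 13, 2024 07:56:19.582173109 CET192.168.2.61.1.1.10xb5b6Standard query (0)youtube.comA (IP address)IN (0x0001)false",
    "Dec 13, 2024 07:56:19.877451897 CET192.168.2.61.1.1.10xda8fStandard query (0)youtube.com28IN (0x0001)false",
    "Dec 13, 2024 07:56:22.507797956 CET192.168.2.61.1.1.10x50bfStandard query (0)example.orgA (IP address)IN (0x0001)false",
    "Dec 13, 2024 07:56:24.313090086 CET192.168.2.61.1.1.10x249cStandard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false",
    "Dec 13, 2024 07:56:37.657067060 CET192.168.2.61.1.1.10xcbbbStandard query (0)www.facebook.comA (IP address)IN (0x0001)false",
    "Dec 13, 2024 07:56:38.220731974 CET192.168.2.61.1.1.10x72Standard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false",
]

if __name__ == "__main__":
    for r in UDP_ROWS:
        print(parse_udp_row(r))
    for r in DNS_ROWS:
        print(parse_dns_row(r))
    print(triage(DNS_ROWS))
```

The endpoint set is the only thing that makes the port/IP split sound: with more hosts in play (say 10.0.0.1 and 10.0.0.11) two readings can survive, and the parser then raises rather than silently picking one, which is the behaviour you want before feeding these rows into a detection pipeline.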
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 13, 2024 07:56:18.550333977 CET | 192.168.2.6 | 1.1.1.1 | 0x1df2 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:18.694899082 CET | 192.168.2.6 | 1.1.1.1 | 0xbaf5 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:19.582173109 CET | 192.168.2.6 | 1.1.1.1 | 0xb5b6 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:19.582221985 CET | 192.168.2.6 | 1.1.1.1 | 0x68c6 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:19.725714922 CET | 192.168.2.6 | 1.1.1.1 | 0x9572 | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:19.725897074 CET | 192.168.2.6 | 1.1.1.1 | 0x6033 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:19.877451897 CET | 192.168.2.6 | 1.1.1.1 | 0xda8f | Standard query (0) | youtube.com | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:19.878313065 CET | 192.168.2.6 | 1.1.1.1 | 0xacaf | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:19.999386072 CET | 192.168.2.6 | 1.1.1.1 | 0x418 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:20.138720989 CET | 192.168.2.6 | 1.1.1.1 | 0xb406 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:20.179013968 CET | 192.168.2.6 | 1.1.1.1 | 0x2dcc | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:20.260159016 CET | 192.168.2.6 | 1.1.1.1 | 0x4f86 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:20.279378891 CET | 192.168.2.6 | 1.1.1.1 | 0xd76d | Standard query (0) | contile.services.mozilla.com | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:20.319467068 CET | 192.168.2.6 | 1.1.1.1 | 0xae4c | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:20.356123924 CET | 192.168.2.6 | 1.1.1.1 | 0x6370 | Standard query (0) | content-signature-2.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:20.358055115 CET | 192.168.2.6 | 1.1.1.1 | 0x3065 | Standard query (0) | shavar.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:20.414659977 CET | 192.168.2.6 | 1.1.1.1 | 0x39ec | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:20.475805044 CET | 192.168.2.6 | 1.1.1.1 | 0x3cf3 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:20.498075008 CET | 192.168.2.6 | 1.1.1.1 | 0x4181 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:20.635852098 CET | 192.168.2.6 | 1.1.1.1 | 0xbb65 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:22.507797956 CET | 192.168.2.6 | 1.1.1.1 | 0x50bf | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:22.508255959 CET | 192.168.2.6 | 1.1.1.1 | 0x13bd | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:22.710280895 CET | 192.168.2.6 | 1.1.1.1 | 0x585e | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:22.710731030 CET | 192.168.2.6 | 1.1.1.1 | 0x2c18 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:23.242630005 CET | 192.168.2.6 | 1.1.1.1 | 0x680c | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:23.381799936 CET | 192.168.2.6 | 1.1.1.1 | 0xd6fb | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:24.182521105 CET | 192.168.2.6 | 1.1.1.1 | 0x2bca | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:24.313090086 CET | 192.168.2.6 | 1.1.1.1 | 0x249c | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:24.397716045 CET | 192.168.2.6 | 1.1.1.1 | 0xf280 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:24.495222092 CET | 192.168.2.6 | 1.1.1.1 | 0xba71 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:24.562517881 CET | 192.168.2.6 | 1.1.1.1 | 0xa857 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:29.251703024 CET | 192.168.2.6 | 1.1.1.1 | 0x37d | Standard query (0) | support.mozilla.org | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:31.009242058 CET | 192.168.2.6 | 1.1.1.1 | 0xaa61 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:31.150197029 CET | 192.168.2.6 | 1.1.1.1 | 0x4522 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:36.872958899 CET | 192.168.2.6 | 1.1.1.1 | 0xb910 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:36.874907017 CET | 192.168.2.6 | 1.1.1.1 | 0x83ce | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:37.011015892 CET | 192.168.2.6 | 1.1.1.1 | 0x807b | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:37.656796932 CET | 192.168.2.6 | 1.1.1.1 | 0xcc59 | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:37.657067060 CET | 192.168.2.6 | 1.1.1.1 | 0xcbbb | Standard query (0) | www.facebook.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:37.657311916 CET | 192.168.2.6 | 1.1.1.1 | 0x5abc | Standard query (0) | www.wikipedia.org | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:37.659473896 CET | 192.168.2.6 | 1.1.1.1 | 0x5e58 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:37.794981956 CET | 192.168.2.6 | 1.1.1.1 | 0x40a3 | Standard query (0) | youtube-ui.l.google.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:37.795166016 CET | 192.168.2.6 | 1.1.1.1 | 0x63e7 | Standard query (0) | star-mini.c10r.facebook.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:37.795742989 CET | 192.168.2.6 | 1.1.1.1 | 0x59ec | Standard query (0) | dyna.wikimedia.org | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:37.934097052 CET | 192.168.2.6 | 1.1.1.1 | 0x8ed | Standard query (0) | star-mini.c10r.facebook.com | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:37.934689999 CET | 192.168.2.6 | 1.1.1.1 | 0x3c57 | Standard query (0) | youtube-ui.l.google.com | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:37.934977055 CET | 192.168.2.6 | 1.1.1.1 | 0x62e4 | Standard query (0) | dyna.wikimedia.org | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:38.073507071 CET | 192.168.2.6 | 1.1.1.1 | 0xfe01 | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:38.073719978 CET | 192.168.2.6 | 1.1.1.1 | 0xcae3 | Standard query (0) | www.reddit.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:38.073954105 CET | 192.168.2.6 | 1.1.1.1 | 0xc673 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:38.218941927 CET | 192.168.2.6 | 1.1.1.1 | 0xc6db | Standard query (0) | twitter.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:38.220731974 CET | 192.168.2.6 | 1.1.1.1 | 0x72 | Standard query (0) | reddit.map.fastly.net | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:38.221484900 CET | 192.168.2.6 | 1.1.1.1 | 0x793f | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:38.357409954 CET | 192.168.2.6 | 1.1.1.1 | 0x6440 | Standard query (0) | twitter.com | 28 | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.360512018 CET192.168.2.61.1.1.10x4978Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.429442883 CET192.168.2.61.1.1.10x4477Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:39.180038929 CET192.168.2.61.1.1.10x5527Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.285948992 CET192.168.2.61.1.1.10xb22cStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.305969954 CET192.168.2.61.1.1.10xcb8aStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.395587921 CET192.168.2.61.1.1.10x2c74Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.481798887 CET192.168.2.61.1.1.10x65e4Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.535192966 CET192.168.2.61.1.1.10xf250Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.620876074 CET192.168.2.61.1.1.10x8291Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.679156065 CET192.168.2.61.1.1.10xde19Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.592569113 CET192.168.2.61.1.1.10x9249Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.733798027 CET192.168.2.61.1.1.10x744dStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:10.965456963 CET192.168.2.61.1.1.10xe018Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:17.868413925 CET192.168.2.61.1.1.10x374eStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:52.602128983 CET192.168.2.61.1.1.10x7491Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:52.741374016 CET192.168.2.61.1.1.10xae34Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:53.961448908 CET192.168.2.61.1.1.10xfd0aStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.154603958 CET1.1.1.1192.168.2.60x807bNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.154603958 CET1.1.1.1192.168.2.60x807bNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.793797016 CET1.1.1.1192.168.2.60xcc59No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.793797016 CET1.1.1.1192.168.2.60xcc59No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.793797016 CET1.1.1.1192.168.2.60xcc59No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.793797016 CET1.1.1.1192.168.2.60xcc59No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.793797016 CET1.1.1.1192.168.2.60xcc59No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.793797016 CET1.1.1.1192.168.2.60xcc59No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.793797016 CET1.1.1.1192.168.2.60xcc59No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.793797016 CET1.1.1.1192.168.2.60xcc59No error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.793797016 CET1.1.1.1192.168.2.60xcc59No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.793797016 CET1.1.1.1192.168.2.60xcc59No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.794507980 CET1.1.1.1192.168.2.60xcbbbNo error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.794507980 CET1.1.1.1192.168.2.60xcbbbNo error (0)star-mini.c10r.facebook.com157.240.195.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.795166016 CET1.1.1.1192.168.2.60x5abcNo error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.795166016 CET1.1.1.1192.168.2.60x5abcNo error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.804075003 CET1.1.1.1192.168.2.60x5e58No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.804075003 CET1.1.1.1192.168.2.60x5e58No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.932687044 CET1.1.1.1192.168.2.60x63e7No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934134960 CET1.1.1.1192.168.2.60x59ecNo error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934185028 CET1.1.1.1192.168.2.60x40a3No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934185028 CET1.1.1.1192.168.2.60x40a3No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934185028 CET1.1.1.1192.168.2.60x40a3No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934185028 CET1.1.1.1192.168.2.60x40a3No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934185028 CET1.1.1.1192.168.2.60x40a3No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934185028 CET1.1.1.1192.168.2.60x40a3No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934185028 CET1.1.1.1192.168.2.60x40a3No error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934185028 CET1.1.1.1192.168.2.60x40a3No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.934185028 CET1.1.1.1192.168.2.60x40a3No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.072541952 CET1.1.1.1192.168.2.60x8edNo error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.072571993 CET1.1.1.1192.168.2.60x62e4No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.072587013 CET1.1.1.1192.168.2.60x3c57No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.072587013 CET1.1.1.1192.168.2.60x3c57No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.072587013 CET1.1.1.1192.168.2.60x3c57No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.072587013 CET1.1.1.1192.168.2.60x3c57No error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.211608887 CET1.1.1.1192.168.2.60xfe01No error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.211726904 CET1.1.1.1192.168.2.60xcae3No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.211726904 CET1.1.1.1192.168.2.60xcae3No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.211726904 CET1.1.1.1192.168.2.60xcae3No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.211726904 CET1.1.1.1192.168.2.60xcae3No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.211726904 CET1.1.1.1192.168.2.60xcae3No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.213109016 CET1.1.1.1192.168.2.60xc673No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.213109016 CET1.1.1.1192.168.2.60xc673No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.356373072 CET1.1.1.1192.168.2.60xc6dbNo error (0)twitter.com104.244.42.65A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.358722925 CET1.1.1.1192.168.2.60x793fNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.358722925 CET1.1.1.1192.168.2.60x793fNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.428566933 CET1.1.1.1192.168.2.60x72No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.428566933 CET1.1.1.1192.168.2.60x72No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.428566933 CET1.1.1.1192.168.2.60x72No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:38.428566933 CET1.1.1.1192.168.2.60x72No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:39.550277948 CET1.1.1.1192.168.2.60x5527No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:39.550277948 CET1.1.1.1192.168.2.60x5527No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.480426073 CET1.1.1.1192.168.2.60xcb8aNo error (0)services.addons.mozilla.org151.101.129.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.480426073 CET1.1.1.1192.168.2.60xcb8aNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.480426073 CET1.1.1.1192.168.2.60xcb8aNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:47.480426073 CET1.1.1.1192.168.2.60xcb8aNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
Dec 13, 2024 07:56:47.533833027 CET | 1.1.1.1 | 192.168.2.6 | 0x2c74 | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com | CNAME (Canonical name) | IN (0x0001) | false
Dec 13, 2024 07:56:47.533833027 CET | 1.1.1.1 | 192.168.2.6 | 0x2c74 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:47.619981050 CET | 1.1.1.1 | 192.168.2.6 | 0x65e4 | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:47.619981050 CET | 1.1.1.1 | 192.168.2.6 | 0x65e4 | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:47.619981050 CET | 1.1.1.1 | 192.168.2.6 | 0x65e4 | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:47.619981050 CET | 1.1.1.1 | 192.168.2.6 | 0x65e4 | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:47.675183058 CET | 1.1.1.1 | 192.168.2.6 | 0xf250 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:47.758368015 CET | 1.1.1.1 | 192.168.2.6 | 0x8291 | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:47.758368015 CET | 1.1.1.1 | 192.168.2.6 | 0x8291 | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:47.758368015 CET | 1.1.1.1 | 192.168.2.6 | 0x8291 | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:47.758368015 CET | 1.1.1.1 | 192.168.2.6 | 0x8291 | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Dec 13, 2024 07:56:49.731758118 CET | 1.1.1.1 | 192.168.2.6 | 0x9249 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:56:50.184770107 CET | 1.1.1.1 | 192.168.2.6 | 0x944 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false
Dec 13, 2024 07:56:50.184770107 CET | 1.1.1.1 | 192.168.2.6 | 0x944 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 13, 2024 07:57:17.865222931 CET | 1.1.1.1 | 192.168.2.6 | 0x88e3 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:57:52.740031958 CET | 1.1.1.1 | 192.168.2.6 | 0x7491 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
Dec 13, 2024 07:57:54.098440886 CET | 1.1.1.1 | 192.168.2.6 | 0xfd0a | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 13, 2024 07:57:54.098440886 CET | 1.1.1.1 | 192.168.2.6 | 0xfd0a | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
• detectportal.firefox.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49752 | 34.107.221.82 | 80 | 6392 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 13, 2024 07:56:20.136987925 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 13, 2024 07:56:21.230756998 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Thu, 12 Dec 2024 11:17:42 GMT
    Age: 70719
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49769 | 34.107.221.82 | 80 | 6392 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 13, 2024 07:56:23.242803097 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 13, 2024 07:56:24.293638945 CET | 216 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Thu, 12 Dec 2024 14:37:40 GMT
    Age: 58724
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
    Data Ascii: success
Dec 13, 2024 07:56:29.202626944 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 13, 2024 07:56:29.521569014 CET | 216 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Thu, 12 Dec 2024 14:37:40 GMT
    Age: 58729
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
    Data Ascii: success
Dec 13, 2024 07:56:39.179565907 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:39.494138002 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 58739
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:39.938925028 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:40.253494978 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 58740
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:43.326030016 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:43.640520096 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 58743
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.903868914 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.218219995 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 58749
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 13, 2024 07:56:50.258151054 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 13, 2024 07:56:50.572344065 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 12 Dec 2024 14:37:40 GMT
Age: 58750
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 13, 2024 07:56:51.275147915 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 13, 2024 07:56:51.590920925 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 12 Dec 2024 14:37:40 GMT
Age: 58751
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 13, 2024 07:57:01.592741966 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 13, 2024 07:57:06.215557098 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 13, 2024 07:57:06.529829025 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 12 Dec 2024 14:37:40 GMT
Age: 58766
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 13, 2024 07:57:12.503163099 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 13, 2024 07:57:12.817545891 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Thu, 12 Dec 2024 14:37:40 GMT
Age: 58772
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 13, 2024 07:57:19.439456940 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 13, 2024 07:57:19.753802061 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 58779
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:20.659430981 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:20.973723888 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 58780
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:30.981734037 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:41.111799002 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:51.241630077 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:54.279336929 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:54.593573093 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Thu, 12 Dec 2024 14:37:40 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 58814
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:58:04.596674919 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:58:14.726849079 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
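The session rows above are a flattened export: in every row the timestamp, the byte count and the IN/OUT direction run together, and the only HTTP exchanges in this session are Firefox's own captive-portal probes to detectportal.firefox.com (GET /success.txt?ipv4, answered with the 8-byte body `success\n`), issued by firefox.exe rather than by the sample, interleaved with 6-byte frames carrying a single 0x00 byte. The Python below is an added example and is not part of the Joe Sandbox report or its tooling. It parses rows in either the fused export form or a pipe-delimited form, rebuilds each transaction with its headers and the decoded `Data Raw` body, allowlists only the Firefox captive-portal probe, checks that each response's Content-Length agrees with the captured body (a shorter body means a truncated capture), and lists every other request for review. The sample dump embedded in the block is constructed for the example and modelled on the rows above; the host `example.invalid` and the `/gate.php` path in it are fictitious.

```python
"""Triage a flattened Joe Sandbox HTTP session dump.

Added example, not part of the Joe Sandbox report. Assumptions: rows come
either fused as exported ("... CET216INHTTP/1.1 200 OK") or pipe-delimited;
the only allowlisted traffic is Firefox's captive-portal probe; the sample
dump and the host example.invalid are constructed for this example.
"""
import re
from dataclasses import dataclass, field

# Timestamp (ending in a zone such as CET), byte count and IN/OUT may be run
# together or separated by " | "; everything after the direction is the Data cell.
ROW_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}(?:\.\d+)? [A-Z]{2,5})"
    r"\s*\|?\s*(?P<bytes>\d+)\s*\|?\s*(?P<dir>IN|OUT)\s*\|?\s*(?P<data>.*)$"
)
REQUEST_LINE_RE = re.compile(r"^[A-Z]+ \S+ HTTP/\d\.\d$")

# Firefox captive-portal detection, issued by firefox.exe rather than the sample.
BENIGN_PROBES = {
    ("detectportal.firefox.com", "/success.txt?ipv4"),
    ("detectportal.firefox.com", "/canonical.html"),
}


@dataclass
class Transaction:
    timestamp: str
    nbytes: int
    direction: str
    first_line: str                              # request line, status line or "Data Raw: .."
    detail: list = field(default_factory=list)   # header and Data lines that follow

    def header(self, name):
        """Return a header value from the continuation lines, or None."""
        for line in self.detail:
            key, _, value = line.partition(":")
            if key.strip().lower() == name.lower():
                return value.strip()
        return None

    def body(self):
        """Decode the 'Data Raw:' hex column back to bytes (b'' if absent)."""
        for line in [self.first_line] + self.detail:
            if line.startswith("Data Raw:"):
                return bytes.fromhex(line[len("Data Raw:"):].strip())
        return b""

    def kind(self):
        if self.first_line.startswith("HTTP/"):
            return "response"
        if REQUEST_LINE_RE.match(self.first_line):
            return "request"
        if self.first_line.startswith("Data Raw:"):
            return "raw"       # non-HTTP frame, e.g. the single 0x00 byte rows
        return "other"


def parse_dump(text):
    """Group dump lines into transactions; column headers and session rows are skipped."""
    txns = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Timestamp", "Session ID")):
            continue
        m = ROW_RE.match(line)
        if m:
            txns.append(Transaction(m["ts"], int(m["bytes"]), m["dir"], m["data"].strip()))
        elif txns:
            txns[-1].detail.append(line)     # continuation: header or Data line
    return txns


def triage(text):
    """Separate allowlisted browser noise from traffic an analyst should look at."""
    report = {"requests": 0, "benign_probe": 0, "raw_frames": 0,
              "needs_review": [], "length_mismatch": []}
    for t in parse_dump(text):
        k = t.kind()
        if k == "request":
            report["requests"] += 1
            method, path, _ = t.first_line.split(" ", 2)
            host = t.header("Host") or "?"
            if method == "GET" and (host, path) in BENIGN_PROBES:
                report["benign_probe"] += 1
            else:
                report["needs_review"].append(f"{method} {host}{path}")
        elif k == "response":
            # Body shorter than Content-Length: the capture is truncated, so do
            # not draw conclusions from its content.
            declared = t.header("Content-Length")
            if declared is not None and int(declared) != len(t.body()):
                report["length_mismatch"].append(t.timestamp)
        elif k == "raw":
            report["raw_frames"] += 1
    return report


# Constructed sample modelled on the report's rows; the last two transactions
# (host example.invalid) are fictitious and only exercise the review path.
SAMPLE_DUMP = """\
Dec 13, 2024 07:57:20.659430981 CET305OUTGET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Dec 13, 2024 07:57:20.973723888 CET216INHTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Content-Type: text/plain
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 13, 2024 07:57:30.981734037 CET6OUTData Raw: 00
Data Ascii:
Dec 13, 2024 07:58:01.000000000 CET | 120 | OUT | POST /gate.php HTTP/1.1
Host: example.invalid
Content-Length: 4
Data Raw: 74 65 73 74
Data Ascii: test
Dec 13, 2024 07:58:02.000000000 CET | 60 | IN | HTTP/1.1 200 OK
Content-Length: 2
Data Raw: 6f
Data Ascii: o
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_DUMP).items():
        print(f"{key}: {value}")
```

Run on the constructed dump, the allowlist absorbs the captive-portal probe, the fictitious POST is listed under needs_review, and the final response is flagged because its captured body (1 byte) is shorter than its declared Content-Length (2). The allowlist is deliberately narrow: only a GET to the two detectportal.firefox.com paths counts as benign, so a sample that reuses that hostname with another path or method still surfaces for review.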


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49772 | 34.107.221.82 | 80 | 6392 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 13, 2024 07:56:23.424849033 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 13, 2024 07:56:24.511348963 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Thu, 12 Dec 2024 11:17:42 GMT
    Age: 70722
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 07:56:34.522634029 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Dec 13, 2024 07:56:36.872148991 CET | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:37.186986923 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Thu, 12 Dec 2024 11:17:42 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 70735
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49821 | 34.107.221.82 | 80 | 6392 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 13, 2024 07:56:37.933320999 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 13, 2024 07:56:39.018429995 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 12 Dec 2024 11:17:42 GMT
Age: 70736
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 07:56:39.316167116 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 13, 2024 07:56:39.630285978 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 12 Dec 2024 11:17:42 GMT
Age: 70737
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 07:56:43.008080959 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 13, 2024 07:56:43.322773933 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 12 Dec 2024 11:17:42 GMT
Age: 70741
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.585803986 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:48.900526047 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Thu, 12 Dec 2024 11:17:42 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 70746
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:49.940752029 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:50.255052090 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Thu, 12 Dec 2024 11:17:42 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 70748
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:50.957726955 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:56:51.271903992 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                                                                                                                                                            Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                            Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                            Date: Thu, 12 Dec 2024 11:17:42 GMT
                                                                                                                                                                                                                                                                                                                                                                            Age: 70749
                                                                                                                                                                                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:01.276238918 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:57:05.895767927 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                            Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                            Accept: */*
                                                                                                                                                                                                                                                                                                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                            Pragma: no-cache
Connection: keep-alive
Dec 13, 2024 07:57:06.210634947 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 12 Dec 2024 11:17:42 GMT
Age: 70764
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 07:57:12.185519934 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 13, 2024 07:57:12.499855042 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 12 Dec 2024 11:17:42 GMT
Age: 70770
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 07:57:19.121062040 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 13, 2024 07:57:19.436028957 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 12 Dec 2024 11:17:42 GMT
Age: 70777
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 07:57:20.340761900 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 13, 2024 07:57:20.656409979 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 12 Dec 2024 11:17:42 GMT
Age: 70778
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 13, 2024 07:57:30.665214062 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 13, 2024 07:57:40.795283079 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 13, 2024 07:57:50.925128937 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 13, 2024 07:57:53.961072922 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 13, 2024 07:57:54.275285959 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Thu, 12 Dec 2024 11:17:42 GMT
Age: 70812
Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                            Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                            Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:58:04.279952049 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                            Dec 13, 2024 07:58:14.410336971 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                            Data Ascii:
Target ID: 1
Start time: 01:56:09
Start date: 13/12/2024
Path: C:\Users\user\Desktop\Pl8Tb06C8A.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Pl8Tb06C8A.exe"
Imagebase: 0x980000
File size: 967'168 bytes
MD5 hash: 99A5714DC7FEE4339E893FB116C78CDA
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 4
Start time: 01:56:10
Start date: 13/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM firefox.exe /T
Imagebase: 0x660000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 5
Start time: 01:56:10
Start date: 13/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 7
Start time: 01:56:13
Start date: 13/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM chrome.exe /T
Imagebase: 0x660000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 8
Start time: 01:56:13
Start date: 13/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff66e660000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:9
                                                                                                                                                                                                                                                                                                                                                                            Start time:01:56:13
                                                                                                                                                                                                                                                                                                                                                                            Start date:13/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                            Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x660000
                                                                                                                                                                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:10
                                                                                                                                                                                                                                                                                                                                                                            Start time:01:56:13
                                                                                                                                                                                                                                                                                                                                                                            Start date:13/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:11
                                                                                                                                                                                                                                                                                                                                                                            Start time:01:56:14
                                                                                                                                                                                                                                                                                                                                                                            Start date:13/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                            Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x660000
                                                                                                                                                                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:12
                                                                                                                                                                                                                                                                                                                                                                            Start time:01:56:14
                                                                                                                                                                                                                                                                                                                                                                            Start date:13/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:13
                                                                                                                                                                                                                                                                                                                                                                            Start time:01:56:14
                                                                                                                                                                                                                                                                                                                                                                            Start date:13/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                            Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x660000
                                                                                                                                                                                                                                                                                                                                                                            File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true
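
The three taskkill children above (msedge.exe, opera.exe, brave.exe, all forced and tree-wide, all within about one second, each paired with its own conhost.exe) are the observable the process list gives a detection engineer. The following is an added example, not Joe Sandbox code and not part of the report: it runs a simple correlation over a constructed, Sysmon-like process-creation log and alerts when one parent process force-kills several distinct browsers inside a short window. The pipe-separated log format, the PIDs, the parent's path and the timestamps are assumed; the three taskkill command lines are the ones recorded in the entries above. The window is measured from the parent's first browser kill, which is enough for this burst shape; a sliding window would be the next refinement.

```python
"""Flag a burst of forced browser kills from one parent process.

Added example (not Joe Sandbox code). Input is a constructed, Sysmon-like
process-creation log with pipe-separated fields:
    time|pid|ppid|image|commandline
PIDs, the parent's path and the timestamps are assumed; the three taskkill
command lines are the ones recorded in the report's process list.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Browser host processes whose forced termination is worth correlating.
BROWSER_IMAGES = {
    "chrome.exe", "msedge.exe", "firefox.exe", "opera.exe",
    "brave.exe", "vivaldi.exe", "iexplore.exe",
}

# taskkill with /F and /T present (any order, any case) and an /IM <image> argument.
TASKKILL_RE = re.compile(
    r"^taskkill(?:\.exe)?\s+(?=.*/F\b)(?=.*/T\b).*/IM\s+(?P<image>\S+)",
    re.IGNORECASE,
)

# Constructed sample log: one parent kills three browsers within a second,
# followed by unrelated taskkill activity that must not alert.
SAMPLE_EVENTS = """\
2024-12-13 01:56:12|4120|3300|C:\\Users\\user\\Desktop\\Pl8Tb06C8A.exe|"C:\\Users\\user\\Desktop\\Pl8Tb06C8A.exe"
2024-12-13 01:56:13|4508|4120|C:\\Windows\\SysWOW64\\taskkill.exe|taskkill /F /IM msedge.exe /T
2024-12-13 01:56:14|4612|4120|C:\\Windows\\SysWOW64\\taskkill.exe|taskkill /F /IM opera.exe /T
2024-12-13 01:56:14|4700|4120|C:\\Windows\\SysWOW64\\taskkill.exe|taskkill /F /IM brave.exe /T
2024-12-13 01:58:02|5000|2200|C:\\Windows\\System32\\taskkill.exe|taskkill /F /IM notepad.exe /T
2024-12-13 02:10:00|5100|2200|C:\\Windows\\System32\\taskkill.exe|taskkill /F /IM chrome.exe /T
"""


def parse_event(line):
    """Split one log line into a dict; the command line may itself contain '|'."""
    ts, pid, ppid, image, cmd = line.split("|", 4)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
        "pid": int(pid),
        "ppid": int(ppid),
        "image": image,
        "cmd": cmd,
    }


def browser_kill_target(cmd):
    """Return the browser image a forced, tree-wide taskkill targets, else None."""
    m = TASKKILL_RE.match(cmd.strip())
    if not m:
        return None
    image = m.group("image").strip('"').lower()
    return image if image in BROWSER_IMAGES else None


def find_browser_kill_bursts(lines, min_browsers=2, window=timedelta(seconds=10)):
    """Group browser kills by parent PID and alert when one parent kills at
    least `min_browsers` distinct browsers within `window` of its first kill."""
    events = [parse_event(line) for line in lines if line.strip()]
    pid_to_image = {e["pid"]: e["image"] for e in events}
    kills_by_parent = defaultdict(list)
    for e in events:
        if not e["image"].lower().endswith("taskkill.exe"):
            continue
        target = browser_kill_target(e["cmd"])
        if target:
            kills_by_parent[e["ppid"]].append((e["ts"], target))

    alerts = []
    for ppid, kills in kills_by_parent.items():
        kills.sort()
        first_ts = kills[0][0]
        browsers = {t for ts, t in kills if ts - first_ts <= window}
        if len(browsers) >= min_browsers:
            alerts.append({
                "ppid": ppid,
                "parent_image": pid_to_image.get(ppid, "<not in log>"),
                "first_kill": first_ts,
                "browsers": sorted(browsers),
            })
    return alerts


if __name__ == "__main__":
    for a in find_browser_kill_bursts(SAMPLE_EVENTS.splitlines()):
        print(f"{a['first_kill']} parent {a['ppid']} ({a['parent_image']}) "
              f"force-killed {', '.join(a['browsers'])}")
```

Keying on the parent PID rather than on taskkill alone is what keeps this rule quiet: a single `taskkill /F /IM chrome.exe` from an administrator's shell stays below the threshold, while a non-shell parent clearing several browsers at once is exactly the shape this report shows. In a real pipeline the parent image would be checked against an allow-list of management tooling before alerting.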

Target ID:14
Start time:01:56:14
Start date:13/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff66e660000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:15
                                                                                                                                                                                                                                                                                                                                                                            Start time:01:56:14
                                                                                                                                                                                                                                                                                                                                                                            Start date:13/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:16
                                                                                                                                                                                                                                                                                                                                                                            Start time:01:56:14
                                                                                                                                                                                                                                                                                                                                                                            Start date:13/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                                                                                                                                            Target ID:17
                                                                                                                                                                                                                                                                                                                                                                            Start time:01:56:14
                                                                                                                                                                                                                                                                                                                                                                            Start date:13/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                                                                                                            Target ID:19
                                                                                                                                                                                                                                                                                                                                                                            Start time:01:56:16
                                                                                                                                                                                                                                                                                                                                                                            Start date:13/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2284 -parentBuildID 20230927232528 -prefsHandle 2232 -prefMapHandle 2224 -prefsLen 25250 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c90f90d-58dd-45ba-a7ab-eb51e3ea8e21} 6392 "\\.\pipe\gecko-crash-server-pipe.6392" 1bdbfa6e110 socket
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                                                                                                            Target ID:20
                                                                                                                                                                                                                                                                                                                                                                            Start time:01:56:18
                                                                                                                                                                                                                                                                                                                                                                            Start date:13/12/2024
                                                                                                                                                                                                                                                                                                                                                                            Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                            Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2964 -parentBuildID 20230927232528 -prefsHandle 3988 -prefMapHandle 3356 -prefsLen 26322 -prefMapSize 238690 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7c75143-5654-446b-bddb-adbf1f536fce} 6392 "\\.\pipe\gecko-crash-server-pipe.6392" 1bdd96bbd10 rdd
                                                                                                                                                                                                                                                                                                                                                                            Imagebase:0x7ff728280000
                                                                                                                                                                                                                                                                                                                                                                            File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                            MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                                                                                                                                                            Target ID:22
Start time: 01:56:23
Start date: 13/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3532 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4984 -prefsLen 33076 -prefMapSize 238690 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e250ea7-bfc2-4839-b39b-7047e5d75287} 6392 "\\.\pipe\gecko-crash-server-pipe.6392" 1bdd8083b10 utility
Imagebase: 0x7ff728280000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false


Execution Graph

Execution Coverage: 2.7%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 3.9%
Total number of Nodes: 1784
Total number of Limit Nodes: 64
execution_graph
96645->96648 96646->96648 96648->96619 96649->96635 96650->96635 96651->96635 96652->96648 96653->96648 96655 98ae01 96654->96655 96658 98ae1c messages 96654->96658 96656 98aec9 22 API calls 96655->96656 96657 98ae09 CharUpperBuffW 96656->96657 96657->96658 96658->96399 96660 98acae 96659->96660 96662 98acd1 96660->96662 96685 9f359c 82 API calls __wsopen_s 96660->96685 96662->96440 96664 9cfadb 96663->96664 96665 98ad92 96663->96665 96666 99fddb 22 API calls 96665->96666 96667 98ad99 96666->96667 96686 98adcd 96667->96686 96670->96442 96671->96442 96672->96403 96673->96454 96674->96417 96675->96454 96676->96454 96677->96440 96678->96440 96679->96440 96680->96440 96681->96454 96682->96438 96683->96439 96684->96454 96685->96662 96690 98addd 96686->96690 96687 98adb6 96687->96440 96688 99fddb 22 API calls 96688->96690 96689 98a961 22 API calls 96689->96690 96690->96687 96690->96688 96690->96689 96691 98adcd 22 API calls 96690->96691 96693 98a8c7 22 API calls __fread_nolock 96690->96693 96691->96690 96693->96690 96734 987510 96694->96734 96697 9ed4dc 47 API calls 96698 a0a315 96697->96698 96698->96507 96761 a0aff9 96699->96761 96889 a12ad8 96702->96889 96704 a1159f 96704->96507 96706 a0aff9 217 API calls 96705->96706 96708 a0ac0c 96706->96708 96707 a0ac54 96707->96507 96708->96707 96709 98aceb 23 API calls 96708->96709 96709->96707 96711 98b567 39 API calls 96710->96711 96712 99f659 96711->96712 96713 9df2dc Sleep 96712->96713 96714 99f661 timeGetTime 96712->96714 96715 98b567 39 API calls 96714->96715 96716 99f677 96715->96716 96716->96507 96718 987510 53 API calls 96717->96718 96719 9f5c6d 96718->96719 96900 9edbbe lstrlenW 96719->96900 96721 9f5c77 96721->96507 96722->96501 96723->96469 96724->96471 96725->96493 96726->96493 96727->96467 96728->96507 96729->96507 96730->96507 96731->96503 96732->96507 96733->96507 96735 987522 96734->96735 96736 987525 96734->96736 96735->96697 96737 98755b 96736->96737 96738 98752d 96736->96738 96740 9c50f6 96737->96740 96741 
98756d 96737->96741 96749 9c500f 96737->96749 96757 9a51c6 26 API calls 96738->96757 96760 9a5183 26 API calls 96740->96760 96758 99fb21 51 API calls 96741->96758 96742 98753d 96747 99fddb 22 API calls 96742->96747 96745 9c510e 96745->96745 96750 987547 96747->96750 96748 9c5088 96759 99fb21 51 API calls 96748->96759 96749->96748 96752 99fe0b 22 API calls 96749->96752 96751 989cb3 22 API calls 96750->96751 96751->96735 96753 9c5058 96752->96753 96754 99fddb 22 API calls 96753->96754 96755 9c507f 96754->96755 96756 989cb3 22 API calls 96755->96756 96756->96748 96757->96742 96758->96742 96759->96740 96760->96745 96762 a0b01d ___scrt_fastfail 96761->96762 96763 a0b094 96762->96763 96764 a0b058 96762->96764 96768 98b567 39 API calls 96763->96768 96769 a0b08b 96763->96769 96859 98b567 96764->96859 96766 a0b063 96766->96769 96772 98b567 39 API calls 96766->96772 96767 a0b0ed 96770 987510 53 API calls 96767->96770 96771 a0b0a5 96768->96771 96769->96767 96773 98b567 39 API calls 96769->96773 96774 a0b10b 96770->96774 96775 98b567 39 API calls 96771->96775 96776 a0b078 96772->96776 96773->96767 96852 987620 96774->96852 96775->96769 96778 98b567 39 API calls 96776->96778 96778->96769 96779 a0b115 96780 a0b1d8 96779->96780 96781 a0b11f 96779->96781 96782 a0b20a GetCurrentDirectoryW 96780->96782 96786 987510 53 API calls 96780->96786 96783 987510 53 API calls 96781->96783 96784 99fe0b 22 API calls 96782->96784 96785 a0b130 96783->96785 96787 a0b22f GetCurrentDirectoryW 96784->96787 96788 987620 22 API calls 96785->96788 96789 a0b1ef 96786->96789 96790 a0b23c 96787->96790 96791 a0b13a 96788->96791 96792 987620 22 API calls 96789->96792 96795 a0b275 96790->96795 96864 989c6e 22 API calls 96790->96864 96793 987510 53 API calls 96791->96793 96794 a0b1f9 _wcslen 96792->96794 96796 a0b14b 96793->96796 96794->96782 96794->96795 96803 a0b287 96795->96803 96804 a0b28b 96795->96804 96798 987620 22 API calls 96796->96798 96800 a0b155 96798->96800 96799 a0b255 96865 989c6e 22 API calls 
96799->96865 96802 987510 53 API calls 96800->96802 96806 a0b166 96802->96806 96809 a0b2f8 96803->96809 96810 a0b39a CreateProcessW 96803->96810 96867 9f07c0 10 API calls 96804->96867 96805 a0b265 96866 989c6e 22 API calls 96805->96866 96812 987620 22 API calls 96806->96812 96808 a0b294 96868 9f06e6 10 API calls 96808->96868 96870 9e11c8 39 API calls 96809->96870 96851 a0b32f _wcslen 96810->96851 96815 a0b170 96812->96815 96818 a0b1a6 GetSystemDirectoryW 96815->96818 96823 987510 53 API calls 96815->96823 96816 a0b2aa 96869 9f05a7 8 API calls 96816->96869 96817 a0b2fd 96821 a0b323 96817->96821 96822 a0b32a 96817->96822 96820 99fe0b 22 API calls 96818->96820 96825 a0b1cb GetSystemDirectoryW 96820->96825 96871 9e1201 128 API calls 2 library calls 96821->96871 96872 9e14ce 6 API calls 96822->96872 96827 a0b187 96823->96827 96824 a0b2d0 96824->96803 96825->96790 96830 987620 22 API calls 96827->96830 96829 a0b328 96829->96851 96833 a0b191 _wcslen 96830->96833 96831 a0b3d6 GetLastError 96841 a0b41a 96831->96841 96832 a0b42f CloseHandle 96834 a0b43f 96832->96834 96842 a0b49a 96832->96842 96833->96790 96833->96818 96835 a0b451 96834->96835 96836 a0b446 CloseHandle 96834->96836 96838 a0b463 96835->96838 96839 a0b458 CloseHandle 96835->96839 96836->96835 96843 a0b475 96838->96843 96844 a0b46a CloseHandle 96838->96844 96839->96838 96840 a0b4a6 96840->96841 96856 9f0175 96841->96856 96842->96840 96847 a0b4d2 CloseHandle 96842->96847 96873 9f09d9 34 API calls 96843->96873 96844->96843 96847->96841 96849 a0b486 96874 a0b536 25 API calls 96849->96874 96851->96831 96851->96832 96853 98762a _wcslen 96852->96853 96854 99fe0b 22 API calls 96853->96854 96855 98763f 96854->96855 96855->96779 96875 9f030f 96856->96875 96860 98b578 96859->96860 96861 98b57f 96859->96861 96860->96861 96888 9a62d1 39 API calls _strftime 96860->96888 96861->96766 96863 98b5c2 96863->96766 96864->96799 96865->96805 96866->96795 96867->96808 96868->96816 96869->96824 96870->96817 96871->96829 96872->96851 
96873->96849 96874->96842 96876 9f0329 96875->96876 96877 9f0321 CloseHandle 96875->96877 96878 9f032e CloseHandle 96876->96878 96879 9f0336 96876->96879 96877->96876 96878->96879 96880 9f033b CloseHandle 96879->96880 96881 9f0343 96879->96881 96880->96881 96882 9f0348 CloseHandle 96881->96882 96883 9f0350 96881->96883 96882->96883 96884 9f035d 96883->96884 96885 9f0355 CloseHandle 96883->96885 96886 9f017d 96884->96886 96887 9f0362 CloseHandle 96884->96887 96885->96884 96886->96507 96887->96886 96888->96863 96890 98aceb 23 API calls 96889->96890 96891 a12af3 96890->96891 96892 a12b1d 96891->96892 96893 a12aff 96891->96893 96895 986b57 22 API calls 96892->96895 96894 987510 53 API calls 96893->96894 96896 a12b0c 96894->96896 96897 a12b1b 96895->96897 96896->96897 96899 98a8c7 22 API calls __fread_nolock 96896->96899 96897->96704 96899->96897 96901 9edbdc GetFileAttributesW 96900->96901 96902 9edc06 96900->96902 96901->96902 96903 9edbe8 FindFirstFileW 96901->96903 96902->96721 96903->96902 96904 9edbf9 FindClose 96903->96904 96904->96902 96906 990206 96905->96906 96922 99027e 96905->96922 96907 9d5411 96906->96907 96908 990213 96906->96908 96991 a07b7e 348 API calls 2 library calls 96907->96991 96915 9d5435 96908->96915 96918 99021d 96908->96918 96909 9d5405 96990 9f359c 82 API calls __wsopen_s 96909->96990 96913 9d5466 96916 9d5471 96913->96916 96917 9d5493 96913->96917 96914 98ec40 348 API calls 96914->96922 96915->96913 96921 9d544d 96915->96921 96993 a07b7e 348 API calls 2 library calls 96916->96993 96973 a05689 96917->96973 96938 990230 messages 96918->96938 96996 98a8c7 22 API calls __fread_nolock 96918->96996 96920 990405 96920->96540 96992 9f359c 82 API calls __wsopen_s 96921->96992 96922->96914 96922->96920 96928 9d51b9 96922->96928 96941 9903f9 96922->96941 96948 9d51ce messages 96922->96948 96949 990344 96922->96949 96959 9903b2 messages 96922->96959 96926 9d5332 96926->96938 96989 98a8c7 22 API calls __fread_nolock 96926->96989 96986 9f359c 82 API calls 
__wsopen_s 96928->96986 96929 9d568a 96931 9d56c0 96929->96931 96998 a07771 67 API calls 96929->96998 96937 98aceb 23 API calls 96931->96937 96934 9d5532 96994 9f1119 22 API calls 96934->96994 96962 990273 messages 96937->96962 96938->96929 96938->96962 96997 a07632 54 API calls __wsopen_s 96938->96997 96939 9d5668 96942 987510 53 API calls 96939->96942 96940 9d569e 96943 987510 53 API calls 96940->96943 96941->96920 96985 9f359c 82 API calls __wsopen_s 96941->96985 96956 9d5670 _wcslen 96942->96956 96958 9d56a6 _wcslen 96943->96958 96946 9d54b9 96980 9f0acc 96946->96980 96947 9d5544 96995 98a673 22 API calls 96947->96995 96948->96959 96948->96962 96987 9f359c 82 API calls __wsopen_s 96948->96987 96949->96941 96984 9904f0 22 API calls 96949->96984 96952 9903a5 96952->96941 96952->96959 96955 9d554d 96963 9f0acc 22 API calls 96955->96963 96956->96929 96960 98aceb 23 API calls 96956->96960 96957 991310 348 API calls 96957->96938 96958->96931 96961 98aceb 23 API calls 96958->96961 96959->96909 96959->96926 96959->96938 96959->96962 96988 99a308 348 API calls 96959->96988 96960->96929 96961->96931 96962->96540 96964 9d5566 96963->96964 96965 98bf40 348 API calls 96964->96965 96965->96938 96966->96540 96967->96535 96968->96535 96969->96535 96970->96535 96971->96539 96972->96535 96974 a056a4 96973->96974 96979 9d549e 96973->96979 96975 99fe0b 22 API calls 96974->96975 96976 a056c6 96975->96976 96977 99fddb 22 API calls 96976->96977 96976->96979 96999 9f0a59 96976->96999 96977->96976 96979->96934 96979->96946 96981 9f0ada 96980->96981 96983 9d54e3 96980->96983 96982 99fddb 22 API calls 96981->96982 96981->96983 96982->96983 96983->96957 96984->96952 96985->96962 96986->96948 96987->96959 96988->96959 96989->96938 96990->96907 96991->96938 96992->96962 96993->96938 96994->96947 96995->96955 96996->96938 96997->96939 96998->96940 97000 9f0a7a 96999->97000 97001 99fddb 22 API calls 97000->97001 97002 9f0a85 97000->97002 97001->97002 97002->96976 97005 9edf02 97003->97005 
97004 9edf19 97013 9a62fb 39 API calls _strftime 97004->97013 97005->97004 97008 9edf1f 97005->97008 97012 9a63b2 GetStringTypeW _strftime 97005->97012 97008->96551 97009->96551 97010->96551 97011->96551 97012->97005 97013->97008 97014 9c2402 97017 981410 97014->97017 97018 9c24b8 DestroyWindow 97017->97018 97019 98144f mciSendStringW 97017->97019 97031 9c24c4 97018->97031 97020 98146b 97019->97020 97021 9816c6 97019->97021 97022 981479 97020->97022 97020->97031 97021->97020 97023 9816d5 UnregisterHotKey 97021->97023 97050 98182e 97022->97050 97023->97021 97025 9c24d8 97025->97031 97056 986246 CloseHandle 97025->97056 97026 9c24e2 FindClose 97026->97031 97028 9c2509 97033 9c252d 97028->97033 97034 9c251c FreeLibrary 97028->97034 97030 98148e 97032 98149c 97030->97032 97030->97033 97031->97025 97031->97026 97031->97028 97036 9814f8 CoUninitialize 97032->97036 97035 9c2541 VirtualFree 97033->97035 97039 981509 97033->97039 97034->97028 97035->97033 97036->97039 97037 9c2589 97042 9c2598 messages 97037->97042 97057 9f32eb 6 API calls messages 97037->97057 97039->97037 97040 981514 97039->97040 97054 981944 VirtualFreeEx CloseHandle 97040->97054 97046 9c2627 97042->97046 97058 9e64d4 22 API calls messages 97042->97058 97044 98153a 97044->97042 97045 98161f 97044->97045 97045->97046 97047 98166d 97045->97047 97046->97046 97047->97046 97055 981876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 97047->97055 97049 9816c1 97052 98183b 97050->97052 97051 981480 97051->97028 97051->97030 97052->97051 97059 9e702a 22 API calls 97052->97059 97054->97044 97055->97049 97056->97025 97057->97037 97058->97042 97059->97052 97060 9a03fb 97061 9a0407 __FrameHandler3::FrameUnwindToState 97060->97061 97089 99feb1 97061->97089 97063 9a040e 97064 9a0561 97063->97064 97067 9a0438 97063->97067 97119 9a083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 97064->97119 97066 9a0568 97112 9a4e52 
97066->97112 97078 9a0477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 97067->97078 97100 9b247d 97067->97100 97074 9a0457 97076 9a04d8 97108 9a0959 97076->97108 97078->97076 97115 9a4e1a 38 API calls 2 library calls 97078->97115 97080 9a04de 97081 9a04f3 97080->97081 97116 9a0992 GetModuleHandleW 97081->97116 97083 9a04fa 97083->97066 97084 9a04fe 97083->97084 97085 9a0507 97084->97085 97117 9a4df5 28 API calls _abort 97084->97117 97118 9a0040 13 API calls 2 library calls 97085->97118 97088 9a050f 97088->97074 97090 99feba 97089->97090 97121 9a0698 IsProcessorFeaturePresent 97090->97121 97092 99fec6 97122 9a2c94 10 API calls 3 library calls 97092->97122 97094 99fecf 97094->97063 97095 99fecb 97095->97094 97123 9b2317 97095->97123 97098 99fee6 97098->97063 97101 9b2494 97100->97101 97102 9a0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 97101->97102 97103 9a0451 97102->97103 97103->97074 97104 9b2421 97103->97104 97105 9b2450 97104->97105 97106 9a0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 97105->97106 97107 9b2479 97106->97107 97107->97078 97174 9a2340 97108->97174 97111 9a097f 97111->97080 97176 9a4bcf 97112->97176 97115->97076 97116->97083 97117->97085 97118->97088 97119->97066 97121->97092 97122->97095 97127 9bd1f6 97123->97127 97126 9a2cbd 8 API calls 3 library calls 97126->97094 97129 9bd20f 97127->97129 97131 9bd213 97127->97131 97145 9a0a8c 97129->97145 97130 99fed8 97130->97098 97130->97126 97131->97129 97133 9b4bfb 97131->97133 97134 9b4c07 __FrameHandler3::FrameUnwindToState 97133->97134 97152 9b2f5e EnterCriticalSection 97134->97152 97136 9b4c0e 97153 9b50af 97136->97153 97138 9b4c1d 97144 9b4c2c 97138->97144 97166 9b4a8f 29 API calls 97138->97166 97141 9b4c27 97167 9b4b45 GetStdHandle GetFileType 97141->97167 97143 9b4c3d __fread_nolock 97143->97131 97168 9b4c48 LeaveCriticalSection _abort 97144->97168 97146 9a0a97 IsProcessorFeaturePresent 97145->97146 97147 9a0a95 
97145->97147 97149 9a0c5d 97146->97149 97147->97130 97173 9a0c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 97149->97173 97151 9a0d40 97151->97130 97152->97136 97154 9b50bb __FrameHandler3::FrameUnwindToState 97153->97154 97155 9b50c8 97154->97155 97156 9b50df 97154->97156 97170 9af2d9 20 API calls __dosmaperr 97155->97170 97169 9b2f5e EnterCriticalSection 97156->97169 97159 9b50eb 97164 9b5000 __wsopen_s 21 API calls 97159->97164 97165 9b5117 97159->97165 97160 9b50cd 97171 9b27ec 26 API calls _abort 97160->97171 97163 9b50d7 __fread_nolock 97163->97138 97164->97159 97172 9b513e LeaveCriticalSection _abort 97165->97172 97166->97141 97167->97144 97168->97143 97169->97159 97170->97160 97171->97163 97172->97163 97173->97151 97175 9a096c GetStartupInfoW 97174->97175 97175->97111 97177 9a4bdb _abort 97176->97177 97178 9a4be2 97177->97178 97179 9a4bf4 97177->97179 97215 9a4d29 GetModuleHandleW 97178->97215 97200 9b2f5e EnterCriticalSection 97179->97200 97182 9a4be7 97182->97179 97216 9a4d6d GetModuleHandleExW 97182->97216 97183 9a4c99 97204 9a4cd9 97183->97204 97186 9a4bfb 97186->97183 97188 9a4c70 97186->97188 97201 9b21a8 97186->97201 97192 9a4c88 97188->97192 97197 9b2421 _abort 5 API calls 97188->97197 97190 9a4ce2 97224 9c1d29 5 API calls __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 97190->97224 97191 9a4cb6 97207 9a4ce8 97191->97207 97193 9b2421 _abort 5 API calls 97192->97193 97193->97183 97197->97192 97200->97186 97225 9b1ee1 97201->97225 97244 9b2fa6 LeaveCriticalSection 97204->97244 97206 9a4cb2 97206->97190 97206->97191 97245 9b360c 97207->97245 97210 9a4d16 97213 9a4d6d _abort 8 API calls 97210->97213 97211 9a4cf6 GetPEB 97211->97210 97212 9a4d06 GetCurrentProcess TerminateProcess 97211->97212 97212->97210 97214 9a4d1e ExitProcess 97213->97214 97215->97182 97217 9a4dba 97216->97217 97218 9a4d97 GetProcAddress 97216->97218 97219 9a4dc9 97217->97219 97220 9a4dc0 FreeLibrary 97217->97220 97221 9a4dac 
97218->97221 97222 9a0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 97219->97222 97220->97219 97221->97217 97223 9a4bf3 97222->97223 97223->97179 97228 9b1e90 97225->97228 97227 9b1f05 97227->97188 97229 9b1e9c __FrameHandler3::FrameUnwindToState 97228->97229 97236 9b2f5e EnterCriticalSection 97229->97236 97231 9b1eaa 97237 9b1f31 97231->97237 97235 9b1ec8 __fread_nolock 97235->97227 97236->97231 97240 9b1f51 97237->97240 97241 9b1f59 97237->97241 97238 9a0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 97239 9b1eb7 97238->97239 97243 9b1ed5 LeaveCriticalSection _abort 97239->97243 97240->97238 97241->97240 97242 9b29c8 _free 20 API calls 97241->97242 97242->97240 97243->97235 97244->97206 97246 9b3631 97245->97246 97247 9b3627 97245->97247 97252 9b2fd7 5 API calls 2 library calls 97246->97252 97249 9a0a8c __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 97247->97249 97250 9a4cf2 97249->97250 97250->97210 97250->97211 97251 9b3648 97251->97247 97252->97251 97253 98defc 97256 981d6f 97253->97256 97255 98df07 97257 981d8c 97256->97257 97258 981f6f 348 API calls 97257->97258 97259 981da6 97258->97259 97260 9c2759 97259->97260 97262 981e36 97259->97262 97263 981dc2 97259->97263 97266 9f359c 82 API calls __wsopen_s 97260->97266 97262->97255 97263->97262 97265 98289a 23 API calls 97263->97265 97265->97262 97266->97262 97267 9dd27a GetUserNameW 97268 9dd292 97267->97268 97268->97268 97269 9d3f75 97280 99ceb1 97269->97280 97271 9d3f8b 97279 9d4006 97271->97279 97289 99e300 23 API calls 97271->97289 97273 98bf40 348 API calls 97275 9d4052 97273->97275 97277 9d4a88 97275->97277 97291 9f359c 82 API calls __wsopen_s 97275->97291 97276 9d3fe6 97276->97275 97290 9f1abf 22 API calls 97276->97290 97279->97273 97281 99cebf 97280->97281 97282 99ced2 97280->97282 97283 98aceb 23 API calls 97281->97283 97284 99cf05 97282->97284 97285 99ced7 97282->97285 97288 99cec9 97283->97288 97287 98aceb 23 API calls 97284->97287 
97286 99fddb 22 API calls 97285->97286 97286->97288 97287->97288 97288->97271 97289->97276 97290->97279 97291->97277 97292 981033 97297 984c91 97292->97297 97296 981042 97298 98a961 22 API calls 97297->97298 97299 984cff 97298->97299 97305 983af0 97299->97305 97301 984d9c 97303 981038 97301->97303 97308 9851f7 22 API calls __fread_nolock 97301->97308 97304 9a00a3 29 API calls __onexit 97303->97304 97304->97296 97306 983b1c 3 API calls 97305->97306 97307 983b0f 97306->97307 97307->97301 97308->97301 97309 98fe73 97310 99ceb1 23 API calls 97309->97310 97311 98fe89 97310->97311 97316 99cf92 97311->97316 97313 98feb3 97328 9f359c 82 API calls __wsopen_s 97313->97328 97315 9d4ab8 97317 986270 22 API calls 97316->97317 97318 99cfc9 97317->97318 97319 989cb3 22 API calls 97318->97319 97322 99cffa 97318->97322 97320 9dd166 97319->97320 97329 986350 22 API calls 97320->97329 97322->97313 97323 9dd171 97330 99d2f0 40 API calls 97323->97330 97325 9dd184 97326 98aceb 23 API calls 97325->97326 97327 9dd188 97325->97327 97326->97327 97327->97327 97328->97315 97329->97323 97330->97325 97331 982e37 97332 98a961 22 API calls 97331->97332 97333 982e4d 97332->97333 97410 984ae3 97333->97410 97335 982e6b 97336 983a5a 24 API calls 97335->97336 97337 982e7f 97336->97337 97338 989cb3 22 API calls 97337->97338 97339 982e8c 97338->97339 97424 984ecb 97339->97424 97342 982ead 97446 98a8c7 22 API calls __fread_nolock 97342->97446 97343 9c2cb0 97462 9f2cf9 97343->97462 97345 9c2cc3 97347 9c2ccf 97345->97347 97488 984f39 97345->97488 97352 984f39 68 API calls 97347->97352 97348 982ec3 97447 986f88 22 API calls 97348->97447 97351 982ecf 97353 989cb3 22 API calls 97351->97353 97354 9c2ce5 97352->97354 97355 982edc 97353->97355 97494 983084 22 API calls 97354->97494 97356 98a81b 41 API calls 97355->97356 97358 982eec 97356->97358 97360 989cb3 22 API calls 97358->97360 97359 9c2d02 97495 983084 22 API calls 97359->97495 97362 982f12 97360->97362 97364 98a81b 41 API calls 97362->97364 97363 9c2d1e 
97365 983a5a 24 API calls 97363->97365 97366 982f21 97364->97366 97367 9c2d44 97365->97367 97369 98a961 22 API calls 97366->97369 97496 983084 22 API calls 97367->97496 97371 982f3f 97369->97371 97370 9c2d50 97497 98a8c7 22 API calls __fread_nolock 97370->97497 97448 983084 22 API calls 97371->97448 97374 9c2d5e 97498 983084 22 API calls 97374->97498 97376 982f4b 97449 9a4a28 40 API calls 3 library calls 97376->97449 97377 9c2d6d 97499 98a8c7 22 API calls __fread_nolock 97377->97499 97379 982f59 97379->97354 97380 982f63 97379->97380 97450 9a4a28 40 API calls 3 library calls 97380->97450 97383 9c2d83 97500 983084 22 API calls 97383->97500 97384 982f6e 97384->97359 97386 982f78 97384->97386 97451 9a4a28 40 API calls 3 library calls 97386->97451 97387 9c2d90 97389 982f83 97389->97363 97390 982f8d 97389->97390 97452 9a4a28 40 API calls 3 library calls 97390->97452 97392 982f98 97393 982fdc 97392->97393 97453 983084 22 API calls 97392->97453 97393->97377 97394 982fe8 97393->97394 97394->97387 97456 9863eb 22 API calls 97394->97456 97396 982fbf 97454 98a8c7 22 API calls __fread_nolock 97396->97454 97399 982ff8 97457 986a50 22 API calls 97399->97457 97400 982fcd 97455 983084 22 API calls 97400->97455 97403 983006 97458 9870b0 23 API calls 97403->97458 97405 983021 97408 983065 97405->97408 97459 986f88 22 API calls 97405->97459 97460 9870b0 23 API calls 97405->97460 97461 983084 22 API calls 97405->97461 97411 984af0 __wsopen_s 97410->97411 97412 986b57 22 API calls 97411->97412 97413 984b22 97411->97413 97412->97413 97423 984b58 97413->97423 97501 984c6d 97413->97501 97415 989cb3 22 API calls 97417 984c52 97415->97417 97416 989cb3 22 API calls 97416->97423 97418 98515f 22 API calls 97417->97418 97421 984c5e 97418->97421 97419 984c6d 22 API calls 97419->97423 97420 98515f 22 API calls 97420->97423 97421->97335 97422 984c29 97422->97415 97422->97421 97423->97416 97423->97419 97423->97420 97423->97422 97504 984e90 LoadLibraryA 97424->97504 97429 9c3ccf 97431 984f39 68 API 
calls 97429->97431 97430 984ef6 LoadLibraryExW 97512 984e59 LoadLibraryA 97430->97512 97433 9c3cd6 97431->97433 97435 984e59 3 API calls 97433->97435 97437 9c3cde 97435->97437 97534 9850f5 97437->97534 97438 984f20 97438->97437 97439 984f2c 97438->97439 97440 984f39 68 API calls 97439->97440 97442 982ea5 97440->97442 97442->97342 97442->97343 97445 9c3d05 97446->97348 97447->97351 97448->97376 97449->97379 97450->97384 97451->97389 97452->97392 97453->97396 97454->97400 97455->97393 97456->97399 97457->97403 97458->97405 97459->97405 97460->97405 97461->97405 97463 9f2d15 97462->97463 97464 98511f 64 API calls 97463->97464 97465 9f2d29 97464->97465 97665 9f2e66 97465->97665 97468 9850f5 40 API calls 97469 9f2d56 97468->97469 97470 9850f5 40 API calls 97469->97470 97471 9f2d66 97470->97471 97472 9850f5 40 API calls 97471->97472 97473 9f2d81 97472->97473 97474 9850f5 40 API calls 97473->97474 97475 9f2d9c 97474->97475 97476 98511f 64 API calls 97475->97476 97477 9f2db3 97476->97477 97478 9aea0c ___std_exception_copy 21 API calls 97477->97478 97479 9f2dba 97478->97479 97480 9aea0c ___std_exception_copy 21 API calls 97479->97480 97481 9f2dc4 97480->97481 97482 9850f5 40 API calls 97481->97482 97483 9f2dd8 97482->97483 97484 9f28fe 27 API calls 97483->97484 97485 9f2dee 97484->97485 97486 9f2d3f 97485->97486 97671 9f22ce 79 API calls 97485->97671 97486->97345 97489 984f4a 97488->97489 97490 984f43 97488->97490 97492 984f59 97489->97492 97493 984f6a FreeLibrary 97489->97493 97672 9ae678 97490->97672 97492->97347 97493->97492 97494->97359 97495->97363 97496->97370 97497->97374 97498->97377 97499->97383 97500->97387 97502 98aec9 22 API calls 97501->97502 97503 984c78 97502->97503 97503->97413 97505 984ea8 GetProcAddress 97504->97505 97506 984ec6 97504->97506 97507 984eb8 97505->97507 97509 9ae5eb 97506->97509 97507->97506 97508 984ebf FreeLibrary 97507->97508 97508->97506 97542 9ae52a 97509->97542 97511 984eea 97511->97429 97511->97430 97513 984e8d 97512->97513 97514 
984e6e GetProcAddress 97512->97514 97517 984f80 97513->97517 97515 984e7e 97514->97515 97515->97513 97516 984e86 FreeLibrary 97515->97516 97516->97513 97518 99fe0b 22 API calls 97517->97518 97519 984f95 97518->97519 97520 985722 22 API calls 97519->97520 97521 984fa1 __fread_nolock 97520->97521 97522 984fdc 97521->97522 97523 9c3d1d 97521->97523 97524 9850a5 97521->97524 97527 9c3d22 97522->97527 97528 9850f5 40 API calls 97522->97528 97533 98506e messages 97522->97533 97600 98511f 97522->97600 97605 9f304d 74 API calls 97523->97605 97594 9842a2 CreateStreamOnHGlobal 97524->97594 97529 98511f 64 API calls 97527->97529 97528->97522 97530 9c3d45 97529->97530 97531 9850f5 40 API calls 97530->97531 97531->97533 97533->97438 97535 9c3d70 97534->97535 97536 985107 97534->97536 97627 9ae8c4 97536->97627 97539 9f28fe 97648 9f274e 97539->97648 97541 9f2919 97541->97445 97544 9ae536 __FrameHandler3::FrameUnwindToState 97542->97544 97543 9ae544 97567 9af2d9 20 API calls __dosmaperr 97543->97567 97544->97543 97546 9ae574 97544->97546 97548 9ae579 97546->97548 97549 9ae586 97546->97549 97547 9ae549 97568 9b27ec 26 API calls _abort 97547->97568 97569 9af2d9 20 API calls __dosmaperr 97548->97569 97559 9b8061 97549->97559 97553 9ae58f 97554 9ae5a2 97553->97554 97555 9ae595 97553->97555 97571 9ae5d4 LeaveCriticalSection __fread_nolock 97554->97571 97570 9af2d9 20 API calls __dosmaperr 97555->97570 97556 9ae554 __fread_nolock 97556->97511 97560 9b806d __FrameHandler3::FrameUnwindToState 97559->97560 97572 9b2f5e EnterCriticalSection 97560->97572 97562 9b807b 97573 9b80fb 97562->97573 97566 9b80ac __fread_nolock 97566->97553 97567->97547 97568->97556 97569->97556 97570->97556 97571->97556 97572->97562 97582 9b811e 97573->97582 97574 9b8177 97575 9b4c7d _abort 20 API calls 97574->97575 97576 9b8180 97575->97576 97578 9b29c8 _free 20 API calls 97576->97578 97579 9b8189 97578->97579 97581 9b8088 97579->97581 97591 9b3405 11 API calls 2 library calls 97579->97591 97586 9b80b7 
97581->97586 97582->97574 97582->97581 97589 9a918d EnterCriticalSection 97582->97589 97590 9a91a1 LeaveCriticalSection 97582->97590 97583 9b81a8 97592 9a918d EnterCriticalSection 97583->97592 97593 9b2fa6 LeaveCriticalSection 97586->97593 97588 9b80be 97588->97566 97589->97582 97590->97582 97591->97583 97592->97581 97593->97588 97595 9842bc FindResourceExW 97594->97595 97599 9842d9 97594->97599 97596 9c35ba LoadResource 97595->97596 97595->97599 97597 9c35cf SizeofResource 97596->97597 97596->97599 97598 9c35e3 LockResource 97597->97598 97597->97599 97598->97599 97599->97522 97601 98512e 97600->97601 97604 9c3d90 97600->97604 97606 9aece3 97601->97606 97605->97527 97609 9aeaaa 97606->97609 97608 98513c 97608->97522 97613 9aeab6 __FrameHandler3::FrameUnwindToState 97609->97613 97610 9aeac2 97622 9af2d9 20 API calls __dosmaperr 97610->97622 97612 9aeae8 97624 9a918d EnterCriticalSection 97612->97624 97613->97610 97613->97612 97614 9aeac7 97623 9b27ec 26 API calls _abort 97614->97623 97617 9aeaf4 97625 9aec0a 62 API calls 2 library calls 97617->97625 97619 9aeb08 97626 9aeb27 LeaveCriticalSection __fread_nolock 97619->97626 97621 9aead2 __fread_nolock 97621->97608 97622->97614 97623->97621 97624->97617 97625->97619 97626->97621 97630 9ae8e1 97627->97630 97629 985118 97629->97539 97631 9ae8ed __FrameHandler3::FrameUnwindToState 97630->97631 97632 9ae92d 97631->97632 97634 9ae900 ___scrt_fastfail 97631->97634 97642 9ae925 __fread_nolock 97631->97642 97645 9a918d EnterCriticalSection 97632->97645 97643 9af2d9 20 API calls __dosmaperr 97634->97643 97635 9ae937 97646 9ae6f8 38 API calls 4 library calls 97635->97646 97638 9ae91a 97644 9b27ec 26 API calls _abort 97638->97644 97639 9ae94e 97647 9ae96c LeaveCriticalSection __fread_nolock 97639->97647 97642->97629 97643->97638 97644->97642 97645->97635 97646->97639 97647->97642 97651 9ae4e8 97648->97651 97650 9f275d 97650->97541 97654 9ae469 97651->97654 97653 9ae505 97653->97650 97655 9ae478 97654->97655 97657 9ae48c 
Control-flow graph edge list (continuation of the preceding graph; the rendered graph is not recoverable in text form). The edges connect basic blocks in the range 0x981cad to 0x9dd3e4 and are annotated with the API calls made there, including SystemParametersInfoW, IsWindow, GetForegroundWindow, ShellExecuteW, Shell_NotifyIconW, SetCurrentDirectoryW, CreateWindowExW, ShowWindow, GetOpenFileNameW, GetLongPathNameW, EnterCriticalSection, LeaveCriticalSection, SetEvent, ResetEvent, GetProcAddress and FreeLibrary.

Control-flow Graph

Control-flow graph for the function at 9842de-98434d (executed and not-executed edge rendering not recoverable in text form). The graph passes through blocks calling GetVersionExW, GetCurrentProcess, IsWow64Process, LoadLibraryA, GetProcAddress, GetNativeSystemInfo, FreeLibrary and GetSystemInfo; the call sites are listed under APIs below.
APIs
• GetVersionExW.KERNEL32(?), ref: 0098430D
• Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
• GetCurrentProcess.KERNEL32(?,00A1CB64,00000000,?,?), ref: 00984422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00984429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00984454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00984466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00984474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0098447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 009844A0
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: fc97420d1b7fe941566ef820b6059a3e66487d6d04590a53ae1c73d25056773e
• Instruction ID: a7f3b2edaddff4581508c78fa4031abf1fbf7012244f5d541d93ad510794f461
• Opcode Fuzzy Hash: fc97420d1b7fe941566ef820b6059a3e66487d6d04590a53ae1c73d25056773e
• Instruction Fuzzy Hash: 5AA1816190E3C1DFC791D7F9B8A17B57FE87F26366B08889DD0419BB22D224450BDB22

Control-flow Graph

Control-flow graph for the function at 9842a2-9842ba (executed and not-executed edge rendering not recoverable in text form). The graph passes through blocks calling CreateStreamOnHGlobal, FindResourceExW, LoadResource, SizeofResource and LockResource; the call sites are listed under APIs below.
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,009850AA,?,?,00000000,00000000), ref: 009842B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,009850AA,?,?,00000000,00000000), ref: 009842C9
• LoadResource.KERNEL32(?,00000000,?,?,009850AA,?,?,00000000,00000000,?,?,?,?,?,?,00984F20), ref: 009C35BE
• SizeofResource.KERNEL32(?,00000000,?,?,009850AA,?,?,00000000,00000000,?,?,?,?,?,?,00984F20), ref: 009C35D3
• LockResource.KERNEL32(009850AA,?,?,009850AA,?,?,00000000,00000000,?,?,?,?,?,?,00984F20,?), ref: 009C35E6
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: fbff5863f52f1426839a65224fc1f1a1ea73fb8c79b22aab6147a394f579019e
• Instruction ID: 00ae363332aad2e73e4c5a76ebbc77ce8a94a154d11c1ed47845b750edbae52f
• Opcode Fuzzy Hash: fbff5863f52f1426839a65224fc1f1a1ea73fb8c79b22aab6147a394f579019e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C511AC70244305BFD721ABA5DC48FA77BBDEFC9B65F108169B412C6290DB71D8008620

                                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00982B6B
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00983A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00A51418,?,00982E7F,?,?,?,00000000), ref: 00983A78
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                                                                                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32(runas,?,?,?,?,?,00A42224), ref: 009C2C10
                                                                                                                                                                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(00000000,?,?,00A42224), ref: 009C2C17
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: runas
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 448630720-4000483414
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 738bbca4535ecca1e69c3f047040998abddfdb8a6097401103c9dce196d31133
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 370878f3dff25d940e36025d373a077db1be4a1b3c62bd020ad7ea865eaffe4a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 738bbca4535ecca1e69c3f047040998abddfdb8a6097401103c9dce196d31133
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD11D371608301AAC704FF70E851FBEB7A8ABD2751F44982DF082572A3CF358A4A8712
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32 ref: 009ED501
                                                                                                                                                                                                                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 009ED50F
                                                                                                                                                                                                                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,?), ref: 009ED52F
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 009ED5DC
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 238ce7125f1f3aafe8e5f7a10c4e86194ca5488e1831894180a16bd19c576827
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 80a62aa46aaf1f652f66445ad0b3c266acbf759f363d77c0a4708dd47c8e1718
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 238ce7125f1f3aafe8e5f7a10c4e86194ca5488e1831894180a16bd19c576827
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1831AD71008340AFD301EF94C885BBFBBE8EFD9354F14092DF581862A1EB719A49CB92
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,009C5222), ref: 009EDBCE
                                                                                                                                                                                                                                                                                                                                                                              • GetFileAttributesW.KERNEL32(?), ref: 009EDBDD
                                                                                                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 009EDBEE
                                                                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 009EDBFA
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: FileFind$AttributesCloseFirstlstrlen
• String ID:
• API String ID: 2695905019-0
• Opcode ID: 84afa12b2360a7ff756b09d1b8765c401b9a727bb25f3b7494dbd402a42ed21e
• Instruction ID: b7efda5b5700189591479785b48ecacf29bd9b92956087609dffcb14d8393ccb
• Opcode Fuzzy Hash: 84afa12b2360a7ff756b09d1b8765c401b9a727bb25f3b7494dbd402a42ed21e
• Instruction Fuzzy Hash: CBF0E530851910A7C221BBBCAD0D8EA376C9E01374B208702F8B6C20F0FBB45D66C6D6
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: 4a36c87842faa10372e9a8e45bfb4089f14d5c383fe6eb3e6f6d138c514dc721
• Instruction ID: aa5e9a92214382bab3c297f72aaa409282226908dfb45ec5f8b943dca1c180c6
• Opcode Fuzzy Hash: 4a36c87842faa10372e9a8e45bfb4089f14d5c383fe6eb3e6f6d138c514dc721
• Instruction Fuzzy Hash: 6FD012A588A108FACF509AD0DC459F9B37CBB58341F50CC53FA16E2140D63CD509A761
APIs
• GetCurrentProcess.KERNEL32(009B28E9,?,009A4CBE,009B28E9,00A488B8,0000000C,009A4E15,009B28E9,00000002,00000000,?,009B28E9), ref: 009A4D09
• TerminateProcess.KERNEL32(00000000,?,009A4CBE,009B28E9,00A488B8,0000000C,009A4E15,009B28E9,00000002,00000000,?,009B28E9), ref: 009A4D10
• ExitProcess.KERNEL32 ref: 009A4D22
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 1f05861985d25584e36922e6f6a0de5bb3a857fbc8f0378d8127062ecd23b030
• Instruction ID: 1c6597fcbca0c8a0b4d397faa68d16d0155fcf7fb9e2c3b17f7d1684effa6b1f
• Opcode Fuzzy Hash: 1f05861985d25584e36922e6f6a0de5bb3a857fbc8f0378d8127062ecd23b030
• Instruction Fuzzy Hash: EDE0B631040148BBCF11AF94DE0AA987B69EB827A5B108014FD198A162DB75EE42CA80
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 009DD28C
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: f1200cf39c883e5e16e3d8b9eb388311842f0e9bb7ef247dfec48b24b02ea5f4
• Instruction ID: a3b068836e5c55bffcf7196f8fc2afe7dfa01b64c80b40e07a17dec0d5f719cb
• Opcode Fuzzy Hash: f1200cf39c883e5e16e3d8b9eb388311842f0e9bb7ef247dfec48b24b02ea5f4
• Instruction Fuzzy Hash: 85D0C9B484212DEACF94CB90DCC8DD9B37CBB04345F104552F146B2100D73495498F20

Control-flow Graph (legend: Executed / Not Executed; the rendered graph is not reproduced here, only its node and edge list for the function starting at a0aff9)

control_flow_graph 0 a0aff9-a0b056 call 9a2340 3 a0b094-a0b098 0->3 4 a0b058-a0b06b call 98b567 0->4 6 a0b09a-a0b0bb call 98b567 * 2 3->6 7 a0b0dd-a0b0e0 3->7 12 a0b0c8 4->12 13 a0b06d-a0b092 call 98b567 * 2 4->13 30 a0b0bf-a0b0c4 6->30 9 a0b0e2-a0b0e5 7->9 10 a0b0f5-a0b119 call 987510 call 987620 7->10 14 a0b0e8-a0b0ed call 98b567 9->14 32 a0b1d8-a0b1e0 10->32 33 a0b11f-a0b178 call 987510 call 987620 call 987510 call 987620 call 987510 call 987620 10->33 17 a0b0cb-a0b0cf 12->17 13->30 14->10 22 a0b0d1-a0b0d7 17->22 23 a0b0d9-a0b0db 17->23 22->14 23->7 23->10 30->7 34 a0b0c6 30->34 35 a0b1e2-a0b1fd call 987510 call 987620 32->35 36 a0b20a-a0b238 GetCurrentDirectoryW call 99fe0b GetCurrentDirectoryW 32->36 82 a0b1a6-a0b1d6 GetSystemDirectoryW call 99fe0b GetSystemDirectoryW 33->82 83 a0b17a-a0b195 call 987510 call 987620 33->83 34->17 35->36 53 a0b1ff-a0b208 call 9a4963 35->53 44 a0b23c 36->44 47 a0b240-a0b244 44->47 50 a0b275-a0b285 call 9f00d9 47->50 51 a0b246-a0b270 call 989c6e * 3 47->51 64 a0b287-a0b289 50->64 65 a0b28b-a0b2e1 call 9f07c0 call 9f06e6 call 9f05a7 50->65 51->50 53->36 53->50 68 a0b2ee-a0b2f2 64->68 65->68 96 a0b2e3 65->96 71 a0b2f8-a0b321 call 9e11c8 68->71 72 a0b39a-a0b3be CreateProcessW 68->72 87 a0b323-a0b328 call 9e1201 71->87 88 a0b32a call 9e14ce 71->88 76 a0b3c1-a0b3d4 call 99fe14 * 2 72->76 102 a0b3d6-a0b3e8 76->102 103 a0b42f-a0b43d CloseHandle 76->103 82->44 83->82 105 a0b197-a0b1a0 call 9a4963 83->105 100 a0b32f-a0b33c call 9a4963 87->100 88->100 96->68 112 a0b347-a0b357 call 9a4963 100->112 113 a0b33e-a0b345 100->113 109 a0b3ea 102->109 110 a0b3ed-a0b3fc 102->110 107 a0b49c 103->107 108 a0b43f-a0b444 103->108 105->47 105->82 118 a0b4a0-a0b4a4 107->118 114 a0b451-a0b456 108->114 115 a0b446-a0b44c CloseHandle 108->115 109->110 116 a0b401-a0b42a GetLastError call 98630c call 98cfa0 110->116 117 a0b3fe 110->117 135 a0b362-a0b372 call 9a4963 112->135 136 a0b359-a0b360 112->136 113->112 113->113 121 a0b463-a0b468 114->121 122 a0b458-a0b45e CloseHandle 114->122 115->114 126 a0b4e5-a0b4f6 call 9f0175 116->126 117->116 124 a0b4b2-a0b4bc 118->124 125 a0b4a6-a0b4b0 118->125 130 a0b475-a0b49a call 9f09d9 call a0b536 121->130 131 a0b46a-a0b470 CloseHandle 121->131 122->121 127 a0b4c4-a0b4e3 call 98cfa0 CloseHandle 124->127 128 a0b4be 124->128 125->126 127->126 128->127 130->118 131->130 146 a0b374-a0b37b 135->146 147 a0b37d-a0b398 call 99fe14 * 3 135->147 136->135 136->136 146->146 146->147 147->76
APIs
• _wcslen.LIBCMT ref: 00A0B198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00A0B1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00A0B1D4
• _wcslen.LIBCMT ref: 00A0B200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00A0B214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00A0B236
• _wcslen.LIBCMT ref: 00A0B332
  • Part of subcall function 009F05A7: GetStdHandle.KERNEL32(000000F6), ref: 009F05C6
• _wcslen.LIBCMT ref: 00A0B34B
• _wcslen.LIBCMT ref: 00A0B366
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00A0B3B6
• GetLastError.KERNEL32(00000000), ref: 00A0B407
• CloseHandle.KERNEL32(?), ref: 00A0B439
• CloseHandle.KERNEL32(00000000), ref: 00A0B44A
• CloseHandle.KERNEL32(00000000), ref: 00A0B45C
• CloseHandle.KERNEL32(00000000), ref: 00A0B46E
• CloseHandle.KERNEL32(?), ref: 00A0B4E3
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: 77826a6a1257b813ecc63e46fccc7f0cdea65ee023cb785a8c728865c25ef62d
• Instruction ID: 8d177aff2849a32c445e03fc5132898710a54f0871d7ed42cb926a1bf1ac2297
• Opcode Fuzzy Hash: 77826a6a1257b813ecc63e46fccc7f0cdea65ee023cb785a8c728865c25ef62d
• Instruction Fuzzy Hash: FBF19A316183449FCB14EF24D991B6EBBE5AFC5710F18855DF8998B2A2DB31EC40CB62
APIs
• GetInputState.USER32 ref: 0098D807
• timeGetTime.WINMM ref: 0098DA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0098DB28
• TranslateMessage.USER32(?), ref: 0098DB7B
• DispatchMessageW.USER32(?), ref: 0098DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0098DB9F
• Sleep.KERNEL32(0000000A), ref: 0098DBB1
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: a84f0907a7ed2566132dc6a360f40ced957f917defda92c2b79be71887db1b63
• Instruction ID: a002d815eed88b5eeb78a3a03021ebedf2e478f3c03c678a0822c06b10fe9d2e
• Opcode Fuzzy Hash: a84f0907a7ed2566132dc6a360f40ced957f917defda92c2b79be71887db1b63
• Instruction Fuzzy Hash: C042F13064A341EFD728EF24C844BAAB7E9BF96310F14891AE495873D1D775E845CB82
Control-flow Graph
APIs
• GetSysColorBrush.USER32(0000000F), ref: 00982D07
• RegisterClassExW.USER32(00000030), ref: 00982D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00982D42
• InitCommonControlsEx.COMCTL32(?), ref: 00982D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00982D6F
• LoadIconW.USER32(000000A9), ref: 00982D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00982D94
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
• API String ID: 2914291525-1005189915
• Opcode ID: 3bd88cec7890456c743c8444193cd7171e8908d50e53988037d15c09cff8bd40
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c60bf2f2a135450e20b5f6d66597f7dd8ff4ebabee5801ab6c57bba46ed07f1e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3bd88cec7890456c743c8444193cd7171e8908d50e53988037d15c09cff8bd40
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8921C0B5941318EFDB00DFE4E889BEDBBB8FB08725F00811AF511A62A0D7B14546CF95

Control-flow Graph (graph image not reproduced)
APIs
  • Part of subcall function 009C039A: CreateFileW.KERNEL32(00000000,00000000,?,009C0704,?,?,00000000,?,009C0704,00000000,0000000C), ref: 009C03B7
• GetLastError.KERNEL32 ref: 009C076F
• __dosmaperr.LIBCMT ref: 009C0776
• GetFileType.KERNEL32(00000000), ref: 009C0782
• GetLastError.KERNEL32 ref: 009C078C
• __dosmaperr.LIBCMT ref: 009C0795
• CloseHandle.KERNEL32(00000000), ref: 009C07B5
• CloseHandle.KERNEL32(?), ref: 009C08FF
• GetLastError.KERNEL32 ref: 009C0931
• __dosmaperr.LIBCMT ref: 009C0938
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 42664477c55d7a3e4acedf21075d90dd8135f1137c68017e636fa588e8f1a614
• Instruction ID: 213e79d321ebeb89e91e0c1b92901ae876ecf3b3907c2ce4436f78964ed8a885
• Opcode Fuzzy Hash: 42664477c55d7a3e4acedf21075d90dd8135f1137c68017e636fa588e8f1a614
• Instruction Fuzzy Hash: DDA1F332E042048FDF19EFA8DC51FAE7BA4AB86320F14415DF8259B291D7359917CB92

Control-flow Graph (graph image not reproduced)

APIs
  • Part of subcall function 00983A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00A51418,?,00982E7F,?,?,?,00000000), ref: 00983A78
  • Part of subcall function 00983357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00983379
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0098356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 009C318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 009C31CE
• RegCloseKey.ADVAPI32(?), ref: 009C3210
• _wcslen.LIBCMT ref: 009C3277
• _wcslen.LIBCMT ref: 009C3286
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
• Opcode ID: 5ef289fc2f14d558c6740b624b36ab8167f9d29d0c901d6f6698aa8009857014
• Instruction ID: 1680ea194c9e0bd0468f87038b395808c9887f6f1f7ab168a878a77a97158090
• Opcode Fuzzy Hash: 5ef289fc2f14d558c6740b624b36ab8167f9d29d0c901d6f6698aa8009857014
• Instruction Fuzzy Hash: 1571A1714083019EC704EFA5DC81BABBBE8FFD6760F40482EF4459B261EB349A49CB52

Control-flow Graph (graph image not reproduced)

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00982B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00982B9D
• LoadIconW.USER32(00000063), ref: 00982BB3
• LoadIconW.USER32(000000A4), ref: 00982BC5
• LoadIconW.USER32(000000A2), ref: 00982BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00982BEF
                                                                                                                                                                                                                                                                                                                                                                              • RegisterClassExW.USER32(?), ref: 00982C40
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00982CD4: GetSysColorBrush.USER32(0000000F), ref: 00982D07
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00982CD4: RegisterClassExW.USER32(00000030), ref: 00982D31
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00982CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00982D42
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00982CD4: InitCommonControlsEx.COMCTL32(?), ref: 00982D5F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00982CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00982D6F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00982CD4: LoadIconW.USER32(000000A9), ref: 00982D85
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00982CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00982D94
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: #$0$AutoIt v3
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 423443420-4155596026
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ce782979b4c1658a07ac46028365972f8e45168724b7c8bde56582ae0ed4b6a4
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: badd881b661a347918ceca7c4d2a1c87f43f895edf7c6a77b40d8857cddc525c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce782979b4c1658a07ac46028365972f8e45168724b7c8bde56582ae0ed4b6a4
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27214970E40318ABDB50DFE6EC69BA97FB4FB48B65F00415AE500AA6A0D3B10942CF94

Control-flow Graph
(rendered as an image in the original report; legend: Executed / Not Executed; graph starts at basic block 00983170)
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0098316A,?,?), ref: 009831D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,0098316A,?,?), ref: 00983204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00983227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0098316A,?,?), ref: 00983232
• CreatePopupMenu.USER32 ref: 00983246
• PostQuitMessage.USER32(00000000), ref: 00983267
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: da5287a392344068a22b0843c383544aa54fc24cb33bfc6531b26ab532634993
• Instruction ID: d68de94d3d924660a72d3310fa093bb9a38a956518a314667e8f53940aac95ee
• Opcode Fuzzy Hash: da5287a392344068a22b0843c383544aa54fc24cb33bfc6531b26ab532634993
• Instruction Fuzzy Hash: 4A412435244304AADF15BBB89C1DBBD3A1DFB45F11F04C529F912863E1EBB49A4287A2

Control-flow Graph
(rendered as an image in the original report; legend: Executed / Not Executed; graph starts at basic block 00981410)
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00981459
• CoUninitialize.COMBASE ref: 009814F8
• UnregisterHotKey.USER32(?), ref: 009816DD
• DestroyWindow.USER32(?), ref: 009C24B9
• FreeLibrary.KERNEL32(?), ref: 009C251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 009C254B
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: 22064e08d0d80a1d06abf6661594875effbc535fb048c04ec41d09bfc0285547
• Instruction ID: 0e5ef459f6c3a0a96a10b7c9c452fb27691fb348dac4675c9a882888e0744a86
• Opcode Fuzzy Hash: 22064e08d0d80a1d06abf6661594875effbc535fb048c04ec41d09bfc0285547
• Instruction Fuzzy Hash: E8D14731B012128FCB19EF54C999F69F7A8BF45710F2442ADE44AAB362DB31AD12CF51

Control-flow Graph

control_flow_graph 793 9ede27-9ede4a WSAStartup 794 9edee6-9edef2 call 9a4983 793->794 795 9ede50-9ede71 gethostname gethostbyname 793->795 803 9edef3-9edef6 794->803 795->794 797 9ede73-9ede7a 795->797 799 9ede7c-9ede81 797->799 800 9ede83-9ede85 797->800 799->799 799->800 801 9ede96-9ededb call 9a0e20 inet_ntoa call 9ad5f0 call 9eebd1 call 9a4983 call 99fe14 800->801 802 9ede87-9ede94 call 9a4983 800->802 808 9edede-9edee4 WSACleanup 801->808 802->808 808->803
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID: 30158819ec4e441a2aba8120b6774f7c91df86ec7e42cbfeee43bb00e7e4490d
• Instruction ID: c4219bac310ae4daef22b698035c0bca7915a2ffe3292d8772f487f2a035bfe7
• Opcode Fuzzy Hash: 30158819ec4e441a2aba8120b6774f7c91df86ec7e42cbfeee43bb00e7e4490d
• Instruction Fuzzy Hash: 7F110631904114BFCB21AB61DC4EFEF77ACDF91720F0001A9F4059A091EFB18E818A91

Control-flow Graph

control_flow_graph 827 982c63-982cd3 CreateWindowExW * 2 ShowWindow * 2
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00982C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00982CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00981CAD,?), ref: 00982CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00981CAD,?), ref: 00982CCF
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: 2f65e048e40f4dbd571a7e457ceb7ac6473690313637a234d1f72b38099bb396
• Instruction ID: 09ac8ab778c2f6351f0d8737dcec99fe8f2327c8aa8dfc1773919084b19c43c6
• Opcode Fuzzy Hash: 2f65e048e40f4dbd571a7e457ceb7ac6473690313637a234d1f72b38099bb396
• Instruction Fuzzy Hash: 26F03A795803907AEB708793AC1CFB72EBDE7C6F71F01401AF900AA5B0D2610842DAB0

Control-flow Graph

control_flow_graph 978 983b1c-983b27 979 983b99-983b9b 978->979 980 983b29-983b2e 978->980 982 983b8c-983b8f 979->982 980->979 981 983b30-983b48 RegOpenKeyExW 980->981 981->979 983 983b4a-983b69 RegQueryValueExW 981->983 984 983b6b-983b76 983->984 985 983b80-983b8b RegCloseKey 983->985 986 983b78-983b7a 984->986 987 983b90-983b97 984->987 985->982 988 983b7e 986->988 987->988 988->985
APIs
• RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00983B0F,SwapMouseButtons,00000004,?), ref: 00983B40
                                                                                                                                                                                                                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00983B0F,SwapMouseButtons,00000004,?), ref: 00983B61
                                                                                                                                                                                                                                                                                                                                                                              • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00983B0F,SwapMouseButtons,00000004,?), ref: 00983B83
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Control Panel\Mouse
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3677997916-824357125
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7e35d246d8edee291c3b699eabee9c99b980b7a9f49bf2e7ba48aed96d286a17
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d2e7fd06a1e2244991fea19a49684231b4832544c2af3367a42ba2ff532d1706
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e35d246d8edee291c3b699eabee9c99b980b7a9f49bf2e7ba48aed96d286a17
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 02112AB5510208FFDB20DFA5DC44AFEB7BCEF04B94B108959A805D7210E2319F419B60

                                                                                                                                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                                                                                                                                                                              control_flow_graph 989 9dd3a0-9dd3a9 990 9dd3ab-9dd3b7 989->990 991 9dd376-9dd37b 989->991 993 9dd3c9 990->993 994 9dd3b9-9dd3c7 GetProcAddress 990->994 992 9dd292-9dd2a8 991->992 998 9dd2a9 992->998 995 9dd3ce-9dd3de 993->995 994->993 994->995 995->992 999 9dd3e4-9dd3eb FreeLibrary 995->999 998->998 999->992
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 009DD3BF
                                                                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32 ref: 009DD3E5
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                                                                                                              • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3013587201-2590602151
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e34f5901813f14b4e72b702f297a8fad3b946990dbf415c1fc1fd374d6bd2703
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8bd7f3ba0bf4db69f9d166ee9b4907921b775124a107134f65b1c091590e3e6b
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e34f5901813f14b4e72b702f297a8fad3b946990dbf415c1fc1fd374d6bd2703
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4EF055344C3610EBD7308A188C48DADB338BF00B11B64CA4BF126F6294E734CC84CB42
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • Variable must be of type 'Object'., xrefs: 009D32B7
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 0-109567571
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 11d3a0d88fc56881fa888a688770320677a9c1a7f89f8242b51807fd69879637
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a927caba3451c9947710eb344c2e01ddd275639f7041221442fa14dc3fb48100
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 11d3a0d88fc56881fa888a688770320677a9c1a7f89f8242b51807fd69879637
• Instruction Fuzzy Hash: 61C2AD71A00205CFCB24EF98C8A0BADB7B5FF49310F24856AE916AB391D375ED41CB91
APIs
• __Init_thread_footer.LIBCMT ref: 0098FE66
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-0
• Opcode ID: 84e85385735cb0f09327e994992a8b5cea1f275725dec5c609fc6c06330d7791
• Instruction ID: 058c949e5514cc08b525e1a07dac78d8fbbf36845f5978cfcabd2b2c10705896
• Opcode Fuzzy Hash: 84e85385735cb0f09327e994992a8b5cea1f275725dec5c609fc6c06330d7791
• Instruction Fuzzy Hash: F1B27B74608301CFCB14EF18C4A0B2AB7E5BF99310F24886EE9959B391E775ED45CB92
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 009C33A2
  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00983A04
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
• API String ID: 2289894680-1585850449
• Opcode ID: 22b87aabe51910186a3f3ad3816e42ef202f6fbe97036b24668e451a0661006f
• Instruction ID: 8440b27f93c684c4f6888cf1139866b9007cc40c3b3d8da7b0cf9a890ad43002
• Opcode Fuzzy Hash: 22b87aabe51910186a3f3ad3816e42ef202f6fbe97036b24668e451a0661006f
• Instruction Fuzzy Hash: 3F31A171408300AAD725FB60DC45BEBB7DCAB80B20F00892EF59997291EB749A49C7C2
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 009A0668
  • Part of subcall function 009A32A4: RaiseException.KERNEL32(?,?,?,009A068A,?,00A51444,?,?,?,?,?,?,009A068A,00981129,00A48738,00981129), ref: 009A3304
• __CxxThrowException@8.LIBVCRUNTIME ref: 009A0685
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
• API String ID: 3476068407-410509341
• Opcode ID: eb79d097430dd2ae673632a8cf7e2e91c0d8868376af39bbe1016d2f3674ea87
• Instruction ID: 877ea1f27790be1ade6ea011a2a473e2c12b35b19bc1233ee1156dcfb12a507b
• Opcode Fuzzy Hash: eb79d097430dd2ae673632a8cf7e2e91c0d8868376af39bbe1016d2f3674ea87
• Instruction Fuzzy Hash: D2F0F634D0020D77CF00B6A8E856E9EB76C6EC2354B604531B828D65D1EF71EA65C5C0
APIs
  • Part of subcall function 00981BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00981BF4
  • Part of subcall function 00981BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00981BFC
  • Part of subcall function 00981BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00981C07
  • Part of subcall function 00981BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00981C12
  • Part of subcall function 00981BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00981C1A
  • Part of subcall function 00981BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00981C22
  • Part of subcall function 00981B4A: RegisterWindowMessageW.USER32(00000004,?,009812C4), ref: 00981BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0098136A
• OleInitialize.OLE32 ref: 00981388
• CloseHandle.KERNEL32(00000000,00000000), ref: 009C24AB
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 647ceb01246de7b7fb013457b69f4684bd5fc52b59962f68eb1357a7613ff789
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fcb44e24441b34e39db6503841c8f647f4fc8ff28c5d99ff54fddd440242d44f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 647ceb01246de7b7fb013457b69f4684bd5fc52b59962f68eb1357a7613ff789
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 147188B49113008FC794EFF9A945BB53AE4FB88396754962AE40AC7361FB304887CF55
APIs
  • Part of subcall function 00983923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00983A04
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 009EC259
• KillTimer.USER32(?,00000001,?,?), ref: 009EC261
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 009EC270
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
• Opcode ID: 0f598896bfab4c081ca47071ad718d8a2b9060f4f45909770434100f9204ca12
• Instruction ID: 8dab16d30e25ee1b109ca50a440e00f5af5ca843b4606661eae72ddc11374204
• Opcode Fuzzy Hash: 0f598896bfab4c081ca47071ad718d8a2b9060f4f45909770434100f9204ca12
• Instruction Fuzzy Hash: C63195B0904384AFEB23DF658855BE7BBECAF06704F004499D6EA97241C774AE86CB51
APIs
• CloseHandle.KERNEL32(00000000,00000000,?,?,009B85CC,?,00A48CC8,0000000C), ref: 009B8704
• GetLastError.KERNEL32(?,009B85CC,?,00A48CC8,0000000C), ref: 009B870E
• __dosmaperr.LIBCMT ref: 009B8739
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: 056edbde636084b437eb45927fb763170576ff216f03f00e218a9c8ee05742c4
• Instruction ID: 81dfb9f7f7031f7b0e52e78edae8a4d56680117364680a687ac6056d4c9f3376
• Opcode Fuzzy Hash: 056edbde636084b437eb45927fb763170576ff216f03f00e218a9c8ee05742c4
• Instruction Fuzzy Hash: 8B014E32605720A6D664B374AB49BFF678D4BCA778F39011DF8148B1D2DEA1CC81C190
APIs
• TranslateMessage.USER32(?), ref: 0098DB7B
• DispatchMessageW.USER32(?), ref: 0098DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0098DB9F
• Sleep.KERNEL32(0000000A), ref: 0098DBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 009D1CC9
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: 5a607d73afb4c81255ab2266380173cc5a2403053dbe63acb7d10fd977ed254f
• Instruction ID: 1af8830479744948fa944504f439ce4929dd6a65be435d05d10a0902802f4d4b
• Opcode Fuzzy Hash: 5a607d73afb4c81255ab2266380173cc5a2403053dbe63acb7d10fd977ed254f
• Instruction Fuzzy Hash: 7DF082316853409BEB30DBB0CC89FEA73ADEB84321F108919E64AC31C0DB709449CB15
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 009917F6
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                              • String ID: CALL
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1385522511-4196123274
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 94a79a6a4db49a37b928fce0637c94355d084b46d92036e78ea2323f67eb08bb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 806f96a69fe22500487632e180f5019eb171a6b433cffbc48926f41726dd2d25
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 94a79a6a4db49a37b928fce0637c94355d084b46d92036e78ea2323f67eb08bb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE227B706083029FCB14DF18C494B2ABBF5BF89314F29895DF4968B3A1D735E885CB92
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ed7aa839d00a5d559299e595a4410d9c8ce93a17796351a55dc53bfe9c750d4b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f7b76fa0f981fb9f63dbc8c014c18e57130af18ec82891a36c2154c1ea264764
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed7aa839d00a5d559299e595a4410d9c8ce93a17796351a55dc53bfe9c750d4b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F32C130A00605DFCF24DF58C885BAEB7B5AF95310F15896AF925AB3A1D731ED80CB91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetOpenFileNameW.COMDLG32(?), ref: 009C2C8C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00983AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00983A97,?,?,00982E7F,?,?,?,00000000), ref: 00983AC2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00982DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00982DC4
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: X
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7c1c18529d7b9cf126316958ca09f9f39be2fb371541eacf9ed3ff7677da27ef
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 17f0e6e01c506b4f12c835024bd5e3d25b6d23b94be763c6ba755ab8cb516238
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c1c18529d7b9cf126316958ca09f9f39be2fb371541eacf9ed3ff7677da27ef
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B221A571E002589FCF01EF94C845BEE7BFCAF89715F008059E405AB341DBB85A498FA2
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetComputerNameW.KERNEL32(?,?), ref: 009DD375
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ComputerName
                                                                                                                                                                                                                                                                                                                                                                              • String ID: X64
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3545744682-893830106
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: fa11ed4aef9ffc1805ee524a4003241705cac67cdb13facbc34cba2b51a9dc3e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0a51722263f709ad65a55cdc0c66083cd2c2323994c20389dfd7f93af2333b0b
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fa11ed4aef9ffc1805ee524a4003241705cac67cdb13facbc34cba2b51a9dc3e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B5D0C9B5886118EACB94CB80DCC8DD9B37CBF04341F508952F112B2100D73895489B20
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00983908
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1079168a9654a0a7249b48d022df51b0ec1fc507b42efc141248021cd7cb0d40
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: bbcd000016774f0c8e0e2ed2095e7fdd57e682895aa0eec1e283f29b8ca0828b
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1079168a9654a0a7249b48d022df51b0ec1fc507b42efc141248021cd7cb0d40
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8831B470A04301DFD760EF64D894BA7BBE8FB49719F00492EF99A87350E771AA44CB52
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • timeGetTime.WINMM ref: 0099F661
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0098D730: GetInputState.USER32 ref: 0098D807
                                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000), ref: 009DF2DE
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 812ce267d43c6cb934302972dcac567d04e8c54db2c48a8d22fa03eefa9cac55
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8b11b4ba06bb270450631d93363e29cc595152f3c425ed230579d767ca31a96d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 812ce267d43c6cb934302972dcac567d04e8c54db2c48a8d22fa03eefa9cac55
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 39F082712802059FD310FF69D455B5ABBE4EF46761F004029F859C73A0DB70A800CB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 0098BB4E
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ae17b891f48aa4fb2a9c1179732403af3fd63cc548d0b63939e86d137b644d32
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b1162b4c47b6d32447966f3d8c9a8c278c78be63b8b4f38308b1b079d879a194
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae17b891f48aa4fb2a9c1179732403af3fd63cc548d0b63939e86d137b644d32
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1532DC34A00209AFDB24EF54C894BBEB7B9FF85314F18805AE915AB361D778ED41CB91
                                                                                                                                                                                                                                                                                                                                                                              APIs
  • Part of subcall function 00984E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00984EDD,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984E9C
  • Part of subcall function 00984E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00984EAE
  • Part of subcall function 00984E90: FreeLibrary.KERNEL32(00000000,?,?,00984EDD,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984EFD
  • Part of subcall function 00984E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,009C3CDE,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984E62
  • Part of subcall function 00984E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00984E74
  • Part of subcall function 00984E59: FreeLibrary.KERNEL32(00000000,?,?,009C3CDE,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984E87
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
APIs
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
APIs
  • Part of subcall function 009B4C7D: RtlAllocateHeap.NTDLL(00000008,00981129,00000000,?,009B2E29,00000001,00000364,?,?,?,009AF2DE,009B3863,00A51444,?,0099FDF5,?), ref: 009B4CBE
• _free.LIBCMT ref: 009B506C
Similarity
• API ID: AllocateHeap_free
• String ID:
• API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,00981129,00000000,?,009B2E29,00000001,00000364,?,?,?,009AF2DE,009B3863,00A51444,?,0099FDF5,?), ref: 009B4CBE
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f7be3ecd2128e477673d95c618e072c540dc19d6fbc48a86305b042af498fde8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b4060e2c1ba49087fc648489985eed1a55fb94d02fe61e9f1688ebce19f71bb7
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f7be3ecd2128e477673d95c618e072c540dc19d6fbc48a86305b042af498fde8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7DF0E03154222467DB215F619E05BD63F4CBF81F71F148121FC99D6183CA70DC0165D0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,00A51444,?,0099FDF5,?,?,0098A976,00000010,00A51440,009813FC,?,009813C6,?,00981129), ref: 009B3852
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 23cc9449971297e8d25b8cdd0b5f33dfcd344678a03fd4a08e3fd8bcc8a2f5a6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b957077506a8760dbd6bea0bdc8bdabe27d4ee5ca022974963f604cefe91c606
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23cc9449971297e8d25b8cdd0b5f33dfcd344678a03fd4a08e3fd8bcc8a2f5a6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A6E02231140224AAE731AABB9E00BDB375CBFC37B0F168134BC1596890DB60DE0282E3
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984F6D
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e0c4a1fdbcf24e28f6475f6974afe5237327bdc5c7a06d7d135c785457426ba6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 996e711f67bbe7b69e4a09beafcfb05558bae50e45fd8819aee9d262b18d38d9
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e0c4a1fdbcf24e28f6475f6974afe5237327bdc5c7a06d7d135c785457426ba6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CDF03971105752CFDB34AF64D490822BBE8BF143293258E7EE2EA82621C7359844DF50
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • IsWindow.USER32(00000000), ref: 00A12A66
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Window
• String ID:
• API String ID: 2353593579-0
• Opcode ID: d65ff73c7a93acbaa3a5d1f9c80073f596cac91ab8f73d48744da9cb19ba5a0b
• Instruction ID: e5e9dd1396de34fa763e64166979b4e06e2e715a38732f2db832178245761655
• Opcode Fuzzy Hash: d65ff73c7a93acbaa3a5d1f9c80073f596cac91ab8f73d48744da9cb19ba5a0b
• Instruction Fuzzy Hash: 09E04F3639411AAACB14EB31DC84AFA735CEF903D5710453AAC26C2100DB30EDE587E0
APIs
• Shell_NotifyIconW.SHELL32(00000002,?), ref: 0098314E
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 1a91d7c76cfef10ffdb83b1344e8e13d15c5d6a13c87538a889d665176134787
• Instruction ID: 9c7600f4511743c63931e38dd0208cf8c59c5360f398fa34e15c8e778c71a2e6
• Opcode Fuzzy Hash: 1a91d7c76cfef10ffdb83b1344e8e13d15c5d6a13c87538a889d665176134787
• Instruction Fuzzy Hash: 18F037709143149FEB92DB64DC497E57BBCB701718F0000E5A54896291DB745789CF51
APIs
• GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00982DC4
  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: LongNamePath_wcslen
• String ID:
• API String ID: 541455249-0
• Opcode ID: 1adaa06706fd866097f78b2e13228b3bbf3f71ca3f947496904887bdc26b6ff4
• Instruction ID: fa9223afe8a31a1a2caa3765c8e28cd49e60d49f705c0c7a5b09eb89c1fcbf82
• Opcode Fuzzy Hash: 1adaa06706fd866097f78b2e13228b3bbf3f71ca3f947496904887bdc26b6ff4
• Instruction Fuzzy Hash: 98E0CD76A042245BC710E2989C05FDA77DDDFC8790F044075FD09D7248DA70ED808651
APIs
  • Part of subcall function 00983837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00983908
  • Part of subcall function 0098D730: GetInputState.USER32 ref: 0098D807
• SetCurrentDirectoryW.KERNEL32(?), ref: 00982B6B
  • Part of subcall function 009830F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0098314E
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
• Opcode ID: f7efcdb52ed936d34acf35b22d44dc0a1a4e4a55c89ba73c05dec13731555029
• Instruction ID: 40d59838b33a74add9b3bc1da2055efa313ee741ed1c1ce284aa3a87854bec91
• Opcode Fuzzy Hash: f7efcdb52ed936d34acf35b22d44dc0a1a4e4a55c89ba73c05dec13731555029
• Instruction Fuzzy Hash: 2CE0866230524406CA04BB74A8527BDE7599BD1756F40553EF546873E2CE24494A4352
APIs
• SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 009EDF40
  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: FolderPath_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2987691875-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 85af0c5c0326b3dd83d052b8559a4f0961008ceec7a68c053103830d98a26714
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 58e1f3561c134c52f863271fa3e039bd916a0b408f73b9acd9b00467999a598e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 85af0c5c0326b3dd83d052b8559a4f0961008ceec7a68c053103830d98a26714
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47D05EA2A002282BDF60E6749C0DDF73AACCB80264F0006A0786DD3152E920DD4586B0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,00000000,?,009C0704,?,?,00000000,?,009C0704,00000000,0000000C), ref: 009C03B7
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 27524e543146922a14432c5bfa0f4f0c61e9ec28acc41a0add54b95ea6af45cd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: cda965eeefde909c94b4dd55601576e35279055284fed9f5403a1474e3f162f9
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 27524e543146922a14432c5bfa0f4f0c61e9ec28acc41a0add54b95ea6af45cd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FDD06C3208010DBBDF028F84DD06EDA3BAAFB48714F018100BE1856020C732E822AB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00981CBC
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: InfoParametersSystem
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3098949447-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6c860f5ee40e79493834638a1445b7256aaac9ed327fc65e18429d248888384e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2dd8e3da9b11631336c53d6b5c80cbc0e0034563d04f3006a7d51f8f6756dcb1
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6c860f5ee40e79493834638a1445b7256aaac9ed327fc65e18429d248888384e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FCC092362C0304AFF215CBC0BC5EF607765B358B26F048401F609AD5F3D3A22822EB50
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
                                                                                                                                                                                                                                                                                                                                                                              • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00A1961A
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00A1965B
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00A1969F
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A196C9
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32 ref: 00A196F2
                                                                                                                                                                                                                                                                                                                                                                              • GetKeyState.USER32(00000011), ref: 00A1978B
                                                                                                                                                                                                                                                                                                                                                                              • GetKeyState.USER32(00000009), ref: 00A19798
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00A197AE
                                                                                                                                                                                                                                                                                                                                                                              • GetKeyState.USER32(00000010), ref: 00A197B8
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00A197E9
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32 ref: 00A19810
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001030,?,00A17E95), ref: 00A19918
                                                                                                                                                                                                                                                                                                                                                                              • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00A1992E
                                                                                                                                                                                                                                                                                                                                                                              • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00A19941
                                                                                                                                                                                                                                                                                                                                                                              • SetCapture.USER32(?), ref: 00A1994A
                                                                                                                                                                                                                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 00A199AF
                                                                                                                                                                                                                                                                                                                                                                              • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00A199BC
                                                                                                                                                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00A199D6
                                                                                                                                                                                                                                                                                                                                                                              • ReleaseCapture.USER32 ref: 00A199E1
                                                                                                                                                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 00A19A19
                                                                                                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00A19A26
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001012,00000000,?), ref: 00A19A80
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32 ref: 00A19AAE
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00A19AEB
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32 ref: 00A19B1A
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00A19B3B
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00A19B4A
                                                                                                                                                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 00A19B68
                                                                                                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00A19B75
                                                                                                                                                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 00A19B93
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001012,00000000,?), ref: 00A19BFA
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32 ref: 00A19C2B
                                                                                                                                                                                                                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 00A19C84
                                                                                                                                                                                                                                                                                                                                                                              • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00A19CB4
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00A19CDE
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32 ref: 00A19D01
                                                                                                                                                                                                                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 00A19D4E
                                                                                                                                                                                                                                                                                                                                                                              • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00A19D82
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00999944: GetWindowLongW.USER32(?,000000EB), ref: 00999952
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00A19E05
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                                              • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: b1a4ae149677c09b42da1ed858c3a724e6083d2cd499af01af1ddaf7835b0a93
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 635a56c16769344b6ed71c58d50fdace3a9ca0d80c3a3391d71d4e8062b3fb7c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1a4ae149677c09b42da1ed858c3a724e6083d2cd499af01af1ddaf7835b0a93
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 23427C74204241EFDB25CF68CC54BEBBBE5FF89320F144629F6A9872A1D731A891CB51
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00A148F3
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00A14908
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00A14927
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00A1494B
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00A1495C
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00A1497B
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00A149AE
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00A149D4
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00A14A0F
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00A14A56
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00A14A7E
                                                                                                                                                                                                                                                                                                                                                                              • IsMenu.USER32(?), ref: 00A14A97
                                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A14AF2
                                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00A14B20
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00A14B94
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00A14BE3
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00A14C82
                                                                                                                                                                                                                                                                                                                                                                              • wsprintfW.USER32 ref: 00A14CAE
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A14CC9
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowTextW.USER32(?,00000000,00000001), ref: 00A14CF1
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00A14D13
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A14D33
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowTextW.USER32(?,00000000,00000001), ref: 00A14D5A
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                                                                                                                                                                                                                                                                              • String ID: %d/%02d/%02d
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4054740463-328681919
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0099F998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 009DF474
• IsIconic.USER32(00000000), ref: 009DF47D
• ShowWindow.USER32(00000000,00000009), ref: 009DF48A
• SetForegroundWindow.USER32(00000000), ref: 009DF494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 009DF4AA
• GetCurrentThreadId.KERNEL32 ref: 009DF4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 009DF4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 009DF4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 009DF4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 009DF4DE
• SetForegroundWindow.USER32(00000000), ref: 009DF4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 009DF4F6
• keybd_event.USER32(00000012,00000000), ref: 009DF501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 009DF50B
• keybd_event.USER32(00000012,00000000), ref: 009DF510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 009DF519
• keybd_event.USER32(00000012,00000000), ref: 009DF51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 009DF528
• keybd_event.USER32(00000012,00000000), ref: 009DF52D
• SetForegroundWindow.USER32(00000000), ref: 009DF530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 009DF557
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
APIs
  • Part of subcall function 009E16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 009E170D
  • Part of subcall function 009E16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 009E173A
  • Part of subcall function 009E16C3: GetLastError.KERNEL32 ref: 009E174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 009E1286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 009E12A8
• CloseHandle.KERNEL32(?), ref: 009E12B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 009E12D1
• GetProcessWindowStation.USER32 ref: 009E12EA
• SetProcessWindowStation.USER32(00000000), ref: 009E12F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 009E1310
  • Part of subcall function 009E10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,009E11FC), ref: 009E10D4
  • Part of subcall function 009E10BF: CloseHandle.KERNEL32(?,?,009E11FC), ref: 009E10E9
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
• String ID: $default$winsta0
• API String ID: 22674027-1027155976
APIs
  • Part of subcall function 009E10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 009E1114
  • Part of subcall function 009E10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E1120
  • Part of subcall function 009E10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E112F
  • Part of subcall function 009E10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E1136
  • Part of subcall function 009E10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 009E114D
                                                                                                                                                                                                                                                                                                                                                                              • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 009E0BCC
                                                                                                                                                                                                                                                                                                                                                                              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 009E0C00
                                                                                                                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 009E0C17
                                                                                                                                                                                                                                                                                                                                                                              • GetAce.ADVAPI32(?,00000000,?), ref: 009E0C51
                                                                                                                                                                                                                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 009E0C6D
                                                                                                                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 009E0C84
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000008), ref: 009E0C8C
                                                                                                                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 009E0C93
                                                                                                                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 009E0CB4
                                                                                                                                                                                                                                                                                                                                                                              • CopySid.ADVAPI32(00000000), ref: 009E0CBB
                                                                                                                                                                                                                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 009E0CEA
                                                                                                                                                                                                                                                                                                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 009E0D0C
                                                                                                                                                                                                                                                                                                                                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 009E0D1E
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009E0D45
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 009E0D4C
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009E0D55
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 009E0D5C
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009E0D65
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 009E0D6C
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 009E0D78
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 009E0D7F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E1193: GetProcessHeap.KERNEL32(00000008,009E0BB1,?,00000000,?,009E0BB1,?), ref: 009E11A1
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,009E0BB1,?), ref: 009E11A8
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,009E0BB1,?), ref: 009E11B7
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4d3d81b213c5290d66130b71e43e8c469ced4a6dc4c80e4873b0e8c7901791cf
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8171718909273c41859ab916f21f3dabd8600995fea9b2473e31c55c8b250ad8
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d3d81b213c5290d66130b71e43e8c469ced4a6dc4c80e4873b0e8c7901791cf
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1671997290025AABDF11DFE5DC44BEEBBBCBF48310F148215E954A7191D7B4AE82CB60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • OpenClipboard.USER32(00A1CC08), ref: 009FEB29
                                                                                                                                                                                                                                                                                                                                                                              • IsClipboardFormatAvailable.USER32(0000000D), ref: 009FEB37
                                                                                                                                                                                                                                                                                                                                                                              • GetClipboardData.USER32(0000000D), ref: 009FEB43
                                                                                                                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 009FEB4F
                                                                                                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 009FEB87
                                                                                                                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 009FEB91
                                                                                                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 009FEBBC
                                                                                                                                                                                                                                                                                                                                                                              • IsClipboardFormatAvailable.USER32(00000001), ref: 009FEBC9
                                                                                                                                                                                                                                                                                                                                                                              • GetClipboardData.USER32(00000001), ref: 009FEBD1
                                                                                                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 009FEBE2
                                                                                                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 009FEC22
                                                                                                                                                                                                                                                                                                                                                                              • IsClipboardFormatAvailable.USER32(0000000F), ref: 009FEC38
                                                                                                                                                                                                                                                                                                                                                                              • GetClipboardData.USER32(0000000F), ref: 009FEC44
                                                                                                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 009FEC55
                                                                                                                                                                                                                                                                                                                                                                              • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 009FEC77
                                                                                                                                                                                                                                                                                                                                                                              • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 009FEC94
                                                                                                                                                                                                                                                                                                                                                                              • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 009FECD2
                                                                                                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 009FECF3
                                                                                                                                                                                                                                                                                                                                                                              • CountClipboardFormats.USER32 ref: 009FED14
                                                                                                                                                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 009FED59
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: fad412407564933f58c26ef99709fdf29fdb71fbe68ed1c12ffb9f9e92c77db1
• Instruction ID: 1b1ca7b5c2df06c5254c94f4c96db57b9228eef9b8becc80ed5be88fd14a4a16
• Opcode Fuzzy Hash: fad412407564933f58c26ef99709fdf29fdb71fbe68ed1c12ffb9f9e92c77db1
• Instruction Fuzzy Hash: CB61CF34244305AFD300EF64D888FBA77A8AF84724F188559F596972B2DB31DD46CB62
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 009F69BE
• FindClose.KERNEL32(00000000), ref: 009F6A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 009F6A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 009F6A75
  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 009F6AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 009F6ADF
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: 9a7995fd0c021e7a62df787a374a4fa0acefc4ff342b0310c690542db927788e
• Instruction ID: b5bef4f45f0b1e4ec6d40a323e403090bef8cdcf6a9ea0e955b8f60599955686
• Opcode Fuzzy Hash: 9a7995fd0c021e7a62df787a374a4fa0acefc4ff342b0310c690542db927788e
• Instruction Fuzzy Hash: 0CD14EB2508304AEC710EFA4D991EBBB7ECAF98704F04491DF589D6291EB74DA44CB62
APIs
• FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 009F9663
• GetFileAttributesW.KERNEL32(?), ref: 009F96A1
• SetFileAttributesW.KERNEL32(?,?), ref: 009F96BB
• FindNextFileW.KERNEL32(00000000,?), ref: 009F96D3
• FindClose.KERNEL32(00000000), ref: 009F96DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 009F96FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 009F974A
• SetCurrentDirectoryW.KERNEL32(00A46B7C), ref: 009F9768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 009F9772
• FindClose.KERNEL32(00000000), ref: 009F977F
• FindClose.KERNEL32(00000000), ref: 009F978F
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: 47fac364245d4efe0eb7c2b3e2067b468dfa7bd9c431db4124b85a9ef9b31269
• Instruction ID: d2afa46118386d5842fdfad62bb90abccaf32f258c4cab3bc2abbc651f8fc8d8
• Opcode Fuzzy Hash: 47fac364245d4efe0eb7c2b3e2067b468dfa7bd9c431db4124b85a9ef9b31269
• Instruction Fuzzy Hash: 6531BE3668061D7BDB10EFB4DC08BEE77ACAF49331F108556FA25E20A0EB34DA458B54
APIs
• FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 009F97BE
• FindNextFileW.KERNEL32(00000000,?), ref: 009F9819
• FindClose.KERNEL32(00000000), ref: 009F9824
• FindFirstFileW.KERNEL32(*.*,?), ref: 009F9840
• SetCurrentDirectoryW.KERNEL32(?), ref: 009F9890
• SetCurrentDirectoryW.KERNEL32(00A46B7C), ref: 009F98AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 009F98B8
• FindClose.KERNEL32(00000000), ref: 009F98C5
• FindClose.KERNEL32(00000000), ref: 009F98D5
  • Part of subcall function 009EDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 009EDB00
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 52767a259a0767fb04b03579b77a9e7a262fd1c21e4e670a0c7570d5be5a564e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5a013c9048e4385c520651e864208206b83a1f58efba9c0c15ea1501c0c44cb4
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 52767a259a0767fb04b03579b77a9e7a262fd1c21e4e670a0c7570d5be5a564e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9331923554061D7ADB10EFA4DC48BEE77ACAF46370F148555E924A2190DB70DE858B60
APIs
  • Part of subcall function 00A0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A0B6AE,?,?), ref: 00A0C9B5
  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0C9F1
  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA68
  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A0BF3E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00A0BFA9
• RegCloseKey.ADVAPI32(00000000), ref: 00A0BFCD
• RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00A0C02C
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00A0C0E7
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A0C154
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A0C1E9
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00A0C23A
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00A0C2E3
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00A0C382
• RegCloseKey.ADVAPI32(00000000), ref: 00A0C38F
Similarity
• API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
• String ID:
• API String ID: 3102970594-0
• Opcode ID: 8fed042b61773f8539a0379bc87a07b4338fd021b6c2259f1ec86a7510b0eee2
• Instruction ID: 1caf20382141574e707972217cc8904656ad70cc1a9ff0fab7519e601c382ba3
• Opcode Fuzzy Hash: 8fed042b61773f8539a0379bc87a07b4338fd021b6c2259f1ec86a7510b0eee2
• Instruction Fuzzy Hash: 40025C71604204AFD714DF28D895E2ABBE5EF89314F18C59DF84ACB2A2D731EC46CB52
APIs
  • Part of subcall function 00983AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00983A97,?,?,00982E7F,?,?,?,00000000), ref: 00983AC2
  • Part of subcall function 009EE199: GetFileAttributesW.KERNEL32(?,009ECF95), ref: 009EE19A
• FindFirstFileW.KERNEL32(?,?), ref: 009ED122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 009ED1DD
• MoveFileW.KERNEL32(?,?), ref: 009ED1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 009ED20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 009ED237
  • Part of subcall function 009ED29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,009ED21C,?,?), ref: 009ED2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 009ED253
• FindClose.KERNEL32(00000000), ref: 009ED264
Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1946585618-1173974218
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d7d0c16dbc88b81ed00f1bd9278975e57200ca03eb13b82241ca5eb4563665be
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fc0d859c3f5596cbc192058b0d86b6fba74b47f2284761bb74bc4d88b1be8e2a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7d0c16dbc88b81ed00f1bd9278975e57200ca03eb13b82241ca5eb4563665be
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97613B3180614DABCF06FBE1CA52AFDB779AF95300F248165E41277291EB35AF09CB61
APIs
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: 2b6bca281e77385d0d50c35265b66065e401f8e3a6389816bd7944d975d99326
• Instruction ID: 58ba85d120d0ab93a53e7052bacae95d19885df95610905466e01ea04b53c95c
• Opcode Fuzzy Hash: 2b6bca281e77385d0d50c35265b66065e401f8e3a6389816bd7944d975d99326
• Instruction Fuzzy Hash: BC419F35604611AFE310DF55E848F69BBE9FF44328F14C499E5658B6B2C735EC42CB90
APIs
  • Part of subcall function 009E16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 009E170D
  • Part of subcall function 009E16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 009E173A
  • Part of subcall function 009E16C3: GetLastError.KERNEL32 ref: 009E174A
• ExitWindowsEx.USER32(?,00000000), ref: 009EE932
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: 64c6a279782d40f6b5dd93c58e14eb8f2793cff46f41ad7eac102bcfddc17468
• Instruction ID: 28f6f8959552b6f84103c68e5311d8a1a15f609e4a7be9de33ae0270154ce445
• Opcode Fuzzy Hash: 64c6a279782d40f6b5dd93c58e14eb8f2793cff46f41ad7eac102bcfddc17468
• Instruction Fuzzy Hash: C7014972650251ABEB1662B69C86FFF72DCA708790F144821FC03E31D3E6B49C4481A0
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00A01276
• WSAGetLastError.WSOCK32 ref: 00A01283
• bind.WSOCK32(00000000,?,00000010), ref: 00A012BA
• WSAGetLastError.WSOCK32 ref: 00A012C5
• closesocket.WSOCK32(00000000), ref: 00A012F4
• listen.WSOCK32(00000000,00000005), ref: 00A01303
• WSAGetLastError.WSOCK32 ref: 00A0130D
• closesocket.WSOCK32(00000000), ref: 00A0133C
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
• Opcode ID: 20822531e79c8fdfc4ecfd778e28a340cabecaa48b81d2d5b198792db2bea879
• Instruction ID: b156730e1f2438357b20b814dc2b0175e18c103e8637b36d4aa1cf65ea985975
• Opcode Fuzzy Hash: 20822531e79c8fdfc4ecfd778e28a340cabecaa48b81d2d5b198792db2bea879
• Instruction Fuzzy Hash: 44416171A001049FD710DF64D484BA9BBE5AF8A328F188198E8569F2D2C771ED82CBE1
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BB9D4
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BB9F8
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BBB7F
                                                                                                                                                                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00A23700), ref: 009BBB91
                                                                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00A5121C,000000FF,00000000,0000003F,00000000,?,?), ref: 009BBC09
                                                                                                                                                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00A51270,000000FF,?,0000003F,00000000,?), ref: 009BBC36
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BBD4B
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8d1a414a07a08713631387cc5b927c5d67b256e24b85cbf536a31f7852781719
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 080ea690ac76038425beeae61de5d61dcae7349f8d34967d0e2e56cd9eb21b87
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8d1a414a07a08713631387cc5b927c5d67b256e24b85cbf536a31f7852781719
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DAC1E471904205AEDB20DF69CE51BEEBBECEF81330F1445AAE494972D1EBB09E42C750
APIs
  • Part of subcall function 00983AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00983A97,?,?,00982E7F,?,?,?,00000000), ref: 00983AC2
  • Part of subcall function 009EE199: GetFileAttributesW.KERNEL32(?,009ECF95), ref: 009EE19A
• FindFirstFileW.KERNEL32(?,?), ref: 009ED420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 009ED470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 009ED481
• FindClose.KERNEL32(00000000), ref: 009ED498
• FindClose.KERNEL32(00000000), ref: 009ED4A1
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: 4836b4977d9979cb26766df3d333865138da2806662b18542be7dee94f491915
• Instruction ID: 3eb4008e75c4162c7ed8d7f56e46e75b0f395c44249bfb2a9df6af9a4a3e6d7d
• Opcode Fuzzy Hash: 4836b4977d9979cb26766df3d333865138da2806662b18542be7dee94f491915
• Instruction Fuzzy Hash: 95314F710093859FC305FF64D8919AFB7A8AEE5314F448A1EF4D1522E1FB35AE098763
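The entry above lists FindFirstFileW, then DeleteFileW, then FindNextFileW and FindClose, with the string `\*.*` as the only string reference: in address order that is an enumerate-and-delete loop over every file matching a wildcard, the shape a directory wipe takes after compilation. When triaging a long disassembly dump like this one it is quicker to parse the "APIs" and "String ID" lines and flag that chain mechanically than to read each function by hand. The Python below is an added example and is not code from the Joe Sandbox report or its IDA plugin; the sample text is constructed from the entries on this page (the last entry's API ID and fuzzy hash are placeholders, since the page does not show them), and the pattern labels are my own heuristics, not Joe Sandbox signatures.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One "• Api.MODULE(args), ref: ADDR" line as printed in the report. Lines under
# "Part of subcall function XXXX:" are calls made by a callee, not by this function.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function\s+(?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)"
)


@dataclass
class ApiCall:
    api: str
    module: str
    ref: int                 # call-site address, parsed from "ref:"
    args: List[str]
    subcall: Optional[str]   # caller address when listed as a subcall, else None


@dataclass
class FunctionEntry:
    calls: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)   # "String ID" split on '$'
    api_id: str = ""
    fuzzy_hash: str = ""


def parse_entries(text: str) -> List[FunctionEntry]:
    """Split a report dump into per-function entries ("APIs" ... "Instruction Fuzzy Hash")."""
    entries: List[FunctionEntry] = []
    cur: Optional[FunctionEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = FunctionEntry()
            continue
        if cur is None:
            continue
        m = API_LINE.match(line)
        if m:
            args = m["args"].split(",") if m["args"] is not None else []
            cur.calls.append(ApiCall(m["api"], m["mod"], int(m["ref"], 16), args, m["sub"]))
        elif line.startswith("• API ID:"):
            cur.api_id = line.split(":", 1)[1].strip()
        elif line.startswith("• String ID:"):
            s = line.split(":", 1)[1].strip()
            cur.strings = s.split("$") if s else []
        elif line.startswith("• Instruction Fuzzy Hash:"):
            cur.fuzzy_hash = line.split(":", 1)[1].strip()
            entries.append(cur)
            cur = None
    return entries


def site(entry: FunctionEntry, api: str) -> Optional[int]:
    """Lowest call-site address of a direct (non-subcall) call to `api`, or None."""
    refs = [c.ref for c in entry.calls if c.api == api and c.subcall is None]
    return min(refs) if refs else None


def classify(entry: FunctionEntry) -> List[str]:
    """Heuristic labels (assumption: address order approximates control-flow order)."""
    labels = []
    first, delete, nxt = (site(entry, a) for a in ("FindFirstFileW", "DeleteFileW", "FindNextFileW"))
    # FindFirst < DeleteFile < FindNext with a "*.*" pattern string: delete every match in a loop.
    if None not in (first, delete, nxt) and first < delete < nxt \
            and any(s.endswith("*.*") for s in entry.strings):
        labels.append("wildcard-delete-loop")
    if site(entry, "CoInitialize") is not None and site(entry, "CoCreateInstance") is not None:
        labels.append("com-object-instantiation")
    return labels


# Constructed sample: the three function entries from this page, trimmed to the lines parsed here.
SAMPLE = r"""APIs
• _free.LIBCMT ref: 009BB9D4
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00A23700), ref: 009BBB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,00A5121C,000000FF,00000000,0000003F,00000000,?,?), ref: 009BBC09
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• Instruction Fuzzy Hash: DAC1E471904205AEDB20DF69CE51BEEBBECEF81330F1445AAE494972D1EBB09E42C750
APIs
  • Part of subcall function 00983AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000), ref: 00983AC2
  • Part of subcall function 009EE199: GetFileAttributesW.KERNEL32(?,009ECF95), ref: 009EE19A
• FindFirstFileW.KERNEL32(?,?), ref: 009ED420
• DeleteFileW.KERNEL32(?,?,?,?), ref: 009ED470
• FindNextFileW.KERNEL32(00000000,00000010), ref: 009ED481
• FindClose.KERNEL32(00000000), ref: 009ED498
• FindClose.KERNEL32(00000000), ref: 009ED4A1
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• Instruction Fuzzy Hash: 95314F710093859FC305FF64D8919AFB7A8AEE5314F448A1EF4D1522E1FB35AE098763
APIs
• _wcslen.LIBCMT ref: 009F64DC
• CoInitialize.OLE32(00000000), ref: 009F6639
• CoCreateInstance.OLE32(00A1FCF8,00000000,00000001,00A1FB68,?), ref: 009F6650
• CoUninitialize.OLE32 ref: 009F68D4
Similarity
• API ID: (placeholder, not shown on the page)
• String ID:
• Instruction Fuzzy Hash: (placeholder, not shown on the page)
"""

if __name__ == "__main__":
    for i, e in enumerate(parse_entries(SAMPLE)):
        print(i, e.api_id or "-", classify(e))
```

Only direct calls count toward a label; the GetFullPathNameW and GetFileAttributesW lines belong to callees and are kept on the entry for context but do not vote. Feed the script the whole report text and it will label every function entry the same way.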
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: 3178a6b6dca99dabbb24f07e23ff44aa9f0e88817b4f06eb187c6ff645702daa
• Instruction ID: e40e6341e13223f4ecc4e4afc9c95d0fede2666e839a7a762a3cc9fc49d406df
• Opcode Fuzzy Hash: 3178a6b6dca99dabbb24f07e23ff44aa9f0e88817b4f06eb187c6ff645702daa
• Instruction Fuzzy Hash: 43C25C71E046288FDB25CF28DE507EAB7B9EB85314F1445EAD44DE7241E778AE818F40
APIs
• _wcslen.LIBCMT ref: 009F64DC
• CoInitialize.OLE32(00000000), ref: 009F6639
• CoCreateInstance.OLE32(00A1FCF8,00000000,00000001,00A1FB68,?), ref: 009F6650
• CoUninitialize.OLE32 ref: 009F68D4
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a812dd594d154f608c609563f67f806fbf3daf4117d72ecbab943f8f583d1f92
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f24aa4de5dee947509c7ed0c7613113d94649349e730deb5700ff0884b797ea4
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a812dd594d154f608c609563f67f806fbf3daf4117d72ecbab943f8f583d1f92
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37D14771508305AFD304EF24C881A6BB7E8FFD8704F14496DF5959B2A1EB71E909CBA2
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetForegroundWindow.USER32(?,?,00000000), ref: 00A022E8
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009FE4EC: GetWindowRect.USER32(?,?), ref: 009FE504
                                                                                                                                                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 00A02312
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 00A02319
                                                                                                                                                                                                                                                                                                                                                                              • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00A02355
                                                                                                                                                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 00A02381
                                                                                                                                                                                                                                                                                                                                                                              • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00A023DF
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2387181109-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f4589c0cfb366630386baa2a4d65320a4ede1faf619d9f4520c070797f357885
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9c1d843e177fc0f13dca1bc2474789fc8d2b6c7d197f10242caca0825a558a11
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4589c0cfb366630386baa2a4d65320a4ede1faf619d9f4520c070797f357885
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 77310072144309AFC720DF54D848B9BBBEAFF84720F004919F9949B191DB34EA09CB92
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                                                                                                                                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 009F9B78
                                                                                                                                                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 009F9C8B
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009F3874: GetInputState.USER32 ref: 009F38CB
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009F3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 009F3966
                                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 009F9BA8
                                                                                                                                                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 009F9C75
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1972594611-438819550
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a6042b7cbe9942dc3f9e55f5d950c88f3576a3168aa88ba9b4ab4cb560a3f5a2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 005b2b8fe4840af436a0d953e47155a1843974b9bb012cd9fb7434fbf9ebd1c3
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6042b7cbe9942dc3f9e55f5d950c88f3576a3168aa88ba9b4ab4cb560a3f5a2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B441617194420EAFCF14EFA4C845BFE7BB8EF45311F148156E959A2291EB309E85CF60
APIs
• Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00999A4E
• GetSysColor.USER32(0000000F), ref: 00999B23
• SetBkColor.GDI32(?,00000000), ref: 00999B36
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
APIs
• Part of subcall function 00A0304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A0307A
• Part of subcall function 00A0304E: _wcslen.LIBCMT ref: 00A0309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00A0185D
• WSAGetLastError.WSOCK32 ref: 00A01884
• bind.WSOCK32(00000000,?,00000010), ref: 00A018DB
• WSAGetLastError.WSOCK32 ref: 00A018E6
• closesocket.WSOCK32(00000000), ref: 00A01915
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
APIs
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
Strings
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9fcb68debc02c3750969d49dbe6bcf00725382215995be933319fb75302f1ddf
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ec271effbd8fc9756521eae906730df968b335cecc51bebfa5fd66338cfe5909
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9fcb68debc02c3750969d49dbe6bcf00725382215995be933319fb75302f1ddf
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38A2A371E0021ACBDF24DF58C840BAEB7B5BF54310F6585AAE815A7385EB34AD81CF61
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 009EAAAC
                                                                                                                                                                                                                                                                                                                                                                              • SetKeyboardState.USER32(00000080), ref: 009EAAC8
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 009EAB36
                                                                                                                                                                                                                                                                                                                                                                              • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 009EAB88
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: 794ae3eb13ca35d738b85be6815f7fd1373785b6f314463831e38b654d42a972
• Instruction ID: 3159848e0f3555381d2002f5acb8c58092440e24524d749a3e9ed482b1cd2725
• Opcode Fuzzy Hash: 794ae3eb13ca35d738b85be6815f7fd1373785b6f314463831e38b654d42a972
• Instruction Fuzzy Hash: 98311C30A40288AEFB36CA66CC05BFA77ABAB54320F0C421AF191961F1D374AD85C752
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 009FCE89
• GetLastError.KERNEL32(?,00000000), ref: 009FCEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 009FCEFE
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
• Opcode ID: 93c440dde67015be1fc2fe5c12d59a856ca153c86302badbaee2f4c3063d1b68
• Instruction ID: 3526e9861fbefeeba35125a51ab3b53032b7cd5c91dbf1e41cc6a6f9dda814b9
• Opcode Fuzzy Hash: 93c440dde67015be1fc2fe5c12d59a856ca153c86302badbaee2f4c3063d1b68
• Instruction Fuzzy Hash: B921BDB154030DABDB20DFA5CA48BB6B7FCEF40354F10882EE646D2151E774EE058BA4
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 009E82AA
Strings
Similarity
• API ID: lstrlen
• String ID: ($|
• API String ID: 1659193697-1631851259
• Opcode ID: 6b870d6b8b6fccf00653e3740145820ccde40f4bdc39b9f9e07c6a19d21081ae
• Instruction ID: 9dbde40b4db1058d3f2fee50dfefa6ddf2869e2151b741b453d413b054d225ae
• Opcode Fuzzy Hash: 6b870d6b8b6fccf00653e3740145820ccde40f4bdc39b9f9e07c6a19d21081ae
• Instruction Fuzzy Hash: 9B323575A007459FCB29CF5AC481A6AB7F0FF48710B15C56EE49ADB3A1EB70E941CB40
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 009F5CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 009F5D17
• FindClose.KERNEL32(?), ref: 009F5D5F
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Find$File$CloseFirstNext
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1fb976f4df8b7959d2b93a4842d0748a3e21483c43827e3011c4c1667d707a0f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: acf38d53bec854ab4c45fc72113d6c739368baea9b56a8d74d313158dd537868
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fb976f4df8b7959d2b93a4842d0748a3e21483c43827e3011c4c1667d707a0f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6951BC74604A059FC714DF28C494EA6B7E8FF4A324F15855DEAAA8B3A1DB30EC05CF91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 009B271A
                                                                                                                                                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 009B2724
                                                                                                                                                                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 009B2731
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8ba52bad7979d20cdd48123285e0ef5abd01c7e2b8591b4f7a1236dec841f49f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 5faf50c0785520b9c8b9b3e75b4b5630e667aff777cb4117f097ba8d24b5ed5d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8ba52bad7979d20cdd48123285e0ef5abd01c7e2b8591b4f7a1236dec841f49f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5431D5749412189BCB21DF68DD897DCB7B8EF48320F5041EAE41CA7260EB309F818F84
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 009F51DA
                                                                                                                                                                                                                                                                                                                                                                              • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 009F5238
                                                                                                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000), ref: 009F52A1
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1682464887-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: fadab8b5add0ef56bf10caf51c8e93142e030178088f77a8e8bdb0390aadccd3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 244b04cb8c2b204da4caa19df6a83178826bdb6b4cbd28b8094c0c9ee108be8f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fadab8b5add0ef56bf10caf51c8e93142e030178088f77a8e8bdb0390aadccd3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63314D75A005189FDB00DF94D884FEDBBB4FF49318F098199E905AB362DB31E856CBA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0099FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 009A0668
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0099FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 009A0685
                                                                                                                                                                                                                                                                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 009E170D
                                                                                                                                                                                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 009E173A
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 009E174A
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
• Opcode ID: e149e4f4ccd9c82bd08bb1b595fc40699feb88570478a9bfc8b836ad2c2396e1
• Instruction ID: 2196d0b25f00810fb556aa61d57c482535158e127476e6f2e252759a41cf4d5c
• Opcode Fuzzy Hash: e149e4f4ccd9c82bd08bb1b595fc40699feb88570478a9bfc8b836ad2c2396e1
• Instruction Fuzzy Hash: EC1191B2414305AFD718DF54DC86EAAB7BDEB48B24B20852EE05697681EB71BC41CA24
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 009ED608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 009ED645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 009ED650
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
• Opcode ID: 9dd52c28d43539317d0d67db154463842ef82b2699f05b262703f9f7be91c1a7
• Instruction ID: 711d4dab008f971491603637caba280dc1dc81a4a64debb3575c4d9a75ec14ec
• Opcode Fuzzy Hash: 9dd52c28d43539317d0d67db154463842ef82b2699f05b262703f9f7be91c1a7
• Instruction Fuzzy Hash: 27117C71E41228BBDB108F959C44FEFBBBCEB45B60F108111F914E7290C2704A018BA1
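The control code 002D1400 passed to DeviceIoControl in the function above is IOCTL_STORAGE_QUERY_PROPERTY, and the recorded buffer sizes match its structures: the 0xC-byte input is a STORAGE_PROPERTY_QUERY and the 0x28-byte output is exactly sizeof(STORAGE_DEVICE_DESCRIPTOR), i.e. the header-only first call that learns how large the full reply is; the vendor, product and serial strings only arrive in a second call with a buffer of that size. The Python below is an added analyst-side example, not code from the report or from the sample: it decodes the control code into its CTL_CODE fields, builds and parses the two structures from constructed bytes, and includes a hypervisor-string heuristic that is the analyst's own assumption about what such strings are usually compared against, not behaviour the report attributes to this function.

```python
"""Decode the DeviceIoControl call recorded for this function and parse the
buffer that control code returns.

Added analyst-side example (not part of the sandbox report or the sample):
it issues no I/O and talks to no driver; every buffer below is constructed.
"""
import struct

# CTL_CODE(DeviceType, Function, Method, Access) as the Windows DDK defines it:
#   (DeviceType << 16) | (Access << 14) | (Function << 2) | Method
METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
          2: "FILE_WRITE_ACCESS", 3: "FILE_READ_ACCESS|FILE_WRITE_ACCESS"}
DEVICE_TYPES = {0x07: "FILE_DEVICE_DISK", 0x2D: "FILE_DEVICE_MASS_STORAGE"}
# Control codes whose numeric values are fixed by the SDK headers.
KNOWN_IOCTLS = {
    0x2D1400: "IOCTL_STORAGE_QUERY_PROPERTY",
    0x2D1080: "IOCTL_STORAGE_GET_DEVICE_NUMBER",
    0x070000: "IOCTL_DISK_GET_DRIVE_GEOMETRY",
}


def decode_ioctl(code):
    """Split a control code into its CTL_CODE fields and name it when known."""
    return {
        "device_type": DEVICE_TYPES.get(code >> 16, hex(code >> 16)),
        "access": ACCESS[(code >> 14) & 0x3],
        "function": (code >> 2) & 0xFFF,
        "method": METHODS[code & 0x3],
        "name": KNOWN_IOCTLS.get(code),
    }


def build_property_query(property_id=0, query_type=0):
    """STORAGE_PROPERTY_QUERY: PropertyId, QueryType, AdditionalParameters[1] plus
    padding = 12 bytes, the nInBufferSize (0xC) recorded in the report.
    Defaults are StorageDeviceProperty (0) / PropertyStandardQuery (0)."""
    return struct.pack("<IIB", property_id, query_type, 0).ljust(12, b"\x00")


# STORAGE_DEVICE_DESCRIPTOR header: Version, Size, DeviceType, DeviceTypeModifier,
# RemovableMedia, CommandQueueing, VendorIdOffset, ProductIdOffset,
# ProductRevisionOffset, SerialNumberOffset, BusType, RawPropertiesLength.
# With RawDeviceProperties[1] and padding sizeof() is 40 bytes (0x28), the
# nOutBufferSize recorded in the report.
_DESC_FMT = "<IIBBBBIIIIII"
DESC_HEADER_LEN = 40


def build_descriptor(vendor, product, revision, serial, bus_type=0x0B):
    """Constructed reply buffer: header followed by four NUL-terminated strings,
    with the offset fields pointing at them (offsets are relative to the struct)."""
    strings, offsets = b"", []
    for s in (vendor, product, revision, serial):
        offsets.append(DESC_HEADER_LEN + len(strings))
        strings += s + b"\x00"
    size = DESC_HEADER_LEN + len(strings)
    hdr = struct.pack(_DESC_FMT, 1, size, 0, 0, 0, 1, *offsets, bus_type, len(strings))
    return hdr.ljust(DESC_HEADER_LEN, b"\x00") + strings


def parse_descriptor(buf):
    """Parse what the driver wrote. A 40-byte buffer only holds the header, so the
    string offsets point past the end and the strings come back as None; the Size
    field then tells the caller how large the second-call buffer must be."""
    if len(buf) < struct.calcsize(_DESC_FMT):
        raise ValueError("buffer shorter than the descriptor header")
    fields = struct.unpack_from(_DESC_FMT, buf, 0)
    size, removable, bus_type = fields[1], fields[4], fields[10]

    def cstr(off):
        if off == 0 or off >= len(buf):
            return None
        end = buf.find(b"\x00", off)
        return buf[off:end if end != -1 else len(buf)].decode("ascii", "replace").strip()

    return {
        "size": size,
        "truncated": size > len(buf),
        "removable": bool(removable),
        "bus_type": bus_type,
        "vendor": cstr(fields[6]),
        "product": cstr(fields[7]),
        "revision": cstr(fields[8]),
        "serial": cstr(fields[9]),
    }


# Analyst-side heuristic (assumption, not something the report attributes to the
# sample): product/vendor strings that stock hypervisor virtual disks report.
HYPERVISOR_MARKERS = ("VBOX", "VMWARE", "QEMU", "VIRTUAL")


def looks_like_hypervisor_disk(desc):
    """True when the parsed vendor/product strings name a known hypervisor disk."""
    text = " ".join(v for v in (desc["vendor"], desc["product"]) if v).upper()
    return any(marker in text for marker in HYPERVISOR_MARKERS)
```

When reading such a call in a report, the three numbers to check are the control code (decode it rather than guessing from the API name), the input size against the query structure, and the output size against the descriptor: an output buffer of exactly 40 bytes means this particular call cannot have returned any strings yet, so the interesting comparison, if there is one, happens after a follow-up call with the larger buffer.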
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 009E168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 009E16A1
• FreeSid.ADVAPI32(?), ref: 009E16B1
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
• Opcode ID: ceb697ad8f6cd2f36e8fba144e0f0946a37d1f83d5646420da12dcd5b6ab3b82
• Instruction ID: b9cb9fc704ec4b73e5196bcc0de1719978f5a4cb3fc8a88f2e8976acfa3e21f1
• Opcode Fuzzy Hash: ceb697ad8f6cd2f36e8fba144e0f0946a37d1f83d5646420da12dcd5b6ab3b82
• Instruction Fuzzy Hash: BFF0F471990309FBDB00DFE49C89EAEBBBCEB08614F508565E501E2181E774AA448A50
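The argument pattern in the function above (nSubAuthorityCount 00000002 with sub-authorities 00000020 and 00000220, i.e. SECURITY_BUILTIN_DOMAIN_RID and DOMAIN_ALIAS_RID_ADMINS) builds the BUILTIN\Administrators SID S-1-5-32-544, and AllocateAndInitializeSid, CheckTokenMembership, FreeSid is the standard "is the caller an administrator" sequence. The identifier-authority argument is unresolved ("?") in the report, so the example assumes SECURITY_NT_AUTHORITY, the only authority for which those two RIDs are meaningful. The Python below is an added example, not code from the report or from the sample; the token group lists are constructed. The caveat a practitioner wants here: under UAC a non-elevated administrator's token carries the Administrators group as deny-only, so CheckTokenMembership answers FALSE for it and TRUE only when the process runs with an elevated token.

```python
"""Rebuild the SID that AllocateAndInitializeSid creates from the arguments
recorded above and model what CheckTokenMembership then answers.

Added analyst-side example (not code from the report or the sample).
Assumption: pIdentifierAuthority, shown as "?" in the report, is
SECURITY_NT_AUTHORITY.
"""
import struct

SECURITY_NT_AUTHORITY = (0, 0, 0, 0, 0, 5)      # assumed, see above
SECURITY_BUILTIN_DOMAIN_RID = 0x20              # recorded 2nd sub-authority arg
DOMAIN_ALIAS_RID_ADMINS = 0x220                 # recorded 3rd sub-authority arg
DOMAIN_ALIAS_RID_USERS = 0x221

# Group attribute bits from TOKEN_GROUPS as Windows defines them.
SE_GROUP_MANDATORY = 0x00000001
SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002
SE_GROUP_ENABLED = 0x00000004
SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010
_NORMAL = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED


def allocate_and_initialize_sid(authority, sub_authorities):
    """Binary SID layout: Revision (1) | SubAuthorityCount (1) |
    IdentifierAuthority (6 bytes, big-endian) | SubAuthority[n] (LE DWORDs)."""
    if not 1 <= len(sub_authorities) <= 15:
        raise ValueError("SID_MAX_SUB_AUTHORITIES is 15")
    return (bytes([1, len(sub_authorities)]) + bytes(authority)
            + b"".join(struct.pack("<I", rid) for rid in sub_authorities))


def sid_to_string(sid):
    """ConvertSidToStringSid equivalent: S-<revision>-<authority>-<sub>-<sub>..."""
    revision, count = sid[0], sid[1]
    authority = int.from_bytes(sid[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, sid, 8)
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def check_token_membership(token_groups, sid):
    """Model of CheckTokenMembership: TRUE only when the SID is present in the
    token's groups with SE_GROUP_ENABLED set. A UAC-filtered administrator token
    lists BUILTIN\\Administrators as SE_GROUP_USE_FOR_DENY_ONLY, which is never
    enabled, so the check fails unless the process is elevated."""
    target = sid_to_string(sid)
    return any(group == target
               and bool(attrs & SE_GROUP_ENABLED)
               and not attrs & SE_GROUP_USE_FOR_DENY_ONLY
               for group, attrs in token_groups)


def is_admin(token_groups):
    """The three-call sequence from the report: allocate the SID, test membership,
    free it (FreeSid has no Python counterpart; the bytes are simply dropped)."""
    sid = allocate_and_initialize_sid(
        SECURITY_NT_AUTHORITY, (SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS))
    return check_token_membership(token_groups, sid)


# Constructed token group lists (SID string, attributes) standing in for the
# TOKEN_GROUPS a real token would carry.
ELEVATED_ADMIN_TOKEN = [("S-1-5-32-544", _NORMAL), ("S-1-5-32-545", _NORMAL)]
FILTERED_ADMIN_TOKEN = [("S-1-5-32-544", SE_GROUP_USE_FOR_DENY_ONLY),
                        ("S-1-5-32-545", _NORMAL)]
STANDARD_USER_TOKEN = [("S-1-5-32-545", _NORMAL)]
```

The same sequence with 00000221 as the third argument would test BUILTIN\Users (S-1-5-32-545); the RID values are what distinguish an "am I admin" check from other group tests, so they are worth reading off the call arguments rather than assuming from the API names alone.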
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID:
• String ID: /
• API String ID: 0-2043925204
• Opcode ID: e5964a2a114593d48d6700ef5b2ed88c757c986950b3bcbe268f536bf7aa1809
• Instruction ID: 3a8de1a91a917e655f1a9549b25a6412d5374105f63bcf1f64c7683734bd9840
• Opcode Fuzzy Hash: e5964a2a114593d48d6700ef5b2ed88c757c986950b3bcbe268f536bf7aa1809
• Instruction Fuzzy Hash: B04136B6900219ABCB209FB9CD88EFB77BCEBC4324F504269F915D7180E670DE818B50
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ce3983a45759edc961097712dcbdacefb6b9c5d1677c656779f90e10e5ebe629
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E1020CB1E002199FDF14CFA9C8806ADBBF5EF89324F254569D819EB384D731AD418BD4
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 009F6918
• FindClose.KERNEL32(00000000), ref: 009F6961
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: e62d5922194a85b7eb1fccd739a27aefb73328b6fe9a64dafde5c6b5eca3fb93
• Instruction ID: 5520028c039d8a2bb69a03d856b07932bd5452db160db1e67547d9e929a03017
• Opcode Fuzzy Hash: e62d5922194a85b7eb1fccd739a27aefb73328b6fe9a64dafde5c6b5eca3fb93
• Instruction Fuzzy Hash: B711D0756042009FD710DF69D484A26BBE4FF84328F14C699F5698F3A2C770EC45CB90
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00A04891,?,?,00000035,?), ref: 009F37E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00A04891,?,?,00000035,?), ref: 009F37F4
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: 69a0d5c6bba4f66824b39fb9e0244e29129fdbf750003c95966af9ed84c040a4
• Instruction ID: e45ce7ab6a5aa19628a51a1843cc86d454d5794d6c48a327555e8e5dc1c4697a
• Opcode Fuzzy Hash: 69a0d5c6bba4f66824b39fb9e0244e29129fdbf750003c95966af9ed84c040a4
• Instruction Fuzzy Hash: FDF0E5B06042282AE72067A69C4DFEB7AAEEFC5771F004165F609D2281DAA09944C7B0
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 009EB25D
• keybd_event.USER32(?,7694C0D0,?,00000000), ref: 009EB270
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Opcode ID: 7bfe5e66b1314890d6df509d7dab8bfcf8f2546ef969bf312148237f58e4b217
• Instruction ID: 4656370aaeb928d05c53b3271d23bc7dcc61ed9e660afb7f5f7ab733d2e0574d
• Opcode Fuzzy Hash: 7bfe5e66b1314890d6df509d7dab8bfcf8f2546ef969bf312148237f58e4b217
• Instruction Fuzzy Hash: 06F01D7184428DABDB06DFA1C805BEE7BB4FF04315F008409F965A5191C37986119F94
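The "API ID" field in each Similarity block above is the key an analyst uses to match a function across reports of different samples (the same AutoIt runtime routine gets the same label regardless of where it was loaded). The following Python is an added example, not Joe Sandbox code: it rebuilds that label from the APIs listed for a function. The normalisation rules it applies (CamelCase split, dropping the A/W charset suffix and the "Get" verb, shared tokens before a "$", the rest sorted) are an assumption inferred only from the three IDs visible on this page (Find$CloseFileFirst, ErrorFormatLastMessage, InputSendkeybd_event); the numeric "API String ID" is a tool-internal hash and is not reproduced.

```python
"""Rebuild a Joe Sandbox style "API ID" from a function's listed Win32 APIs.

Added example, not Joe Sandbox code. The rules below are an ASSUMPTION inferred
from the three API IDs shown in this report and have been checked against those
three only.
"""
import re
from typing import Iterable

# Assumed normalisation rules, inferred from the report's own examples:
NOISE_TOKENS = {"Get"}          # GetLastError contributes only Last, Error
CHARSET_SUFFIXES = {"A", "W"}   # FindFirstFileW contributes Find, First, File

# Matches the report's API lines, e.g. "• FindFirstFileW.KERNEL32(?,?), ref: 009F6918"
API_LINE = re.compile(r"•\s*([A-Za-z0-9_]+)\.[A-Za-z0-9_]+\(")

# API lines copied from the FindFirstFileW function block in this report.
REPORT_FIND = [
    "• FindFirstFileW.KERNEL32(?,?), ref: 009F6918",
    "• FindClose.KERNEL32(00000000), ref: 009F6961",
]


def api_names_from_report(lines: Iterable[str]) -> list[str]:
    """Extract the bare API names from the 'APIs' section of a function block."""
    names = []
    for line in lines:
        m = API_LINE.search(line)
        if m:
            names.append(m.group(1))
    return names


def tokenize(api: str) -> set[str]:
    """Split a Win32 API name into the tokens that feed the API ID.

    CamelCase names split at each uppercase letter; a name that starts in
    lower case (keybd_event) stays a single token.
    """
    parts = re.findall(r"[A-Z][^A-Z]*|^[^A-Z]+", api)
    # Drop the ANSI/Unicode suffix only when something else remains.
    if len(parts) > 1 and parts[-1] in CHARSET_SUFFIXES:
        parts = parts[:-1]
    return {p for p in parts if p not in NOISE_TOKENS}


def api_id(apis: list[str]) -> str:
    """Build the label: tokens common to every API, then '$', then the
    remaining distinct tokens in ASCII order (uppercase sorts before lowercase,
    which is why keybd_event lands last). A single API gets no '$' part
    (assumption: the intersection is only meaningful for two or more APIs)."""
    token_sets = [tokenize(a) for a in apis]
    if not token_sets:
        return ""
    common = set.intersection(*token_sets) if len(token_sets) > 1 else set()
    rest = set.union(*token_sets) - common
    prefix = "".join(sorted(common)) + "$" if common else ""
    return prefix + "".join(sorted(rest))


if __name__ == "__main__":
    for apis in (api_names_from_report(REPORT_FIND),
                 ["GetLastError", "FormatMessageW"],
                 ["SendInput", "keybd_event"]):
        print(f"{apis!r:40} -> {api_id(apis)}")
```

Feeding a whole report through api_names_from_report per function block and comparing the resulting labels across samples is a cheap first pass for spotting shared runtime code before comparing the Opcode and Instruction fuzzy hashes, which are the fields that actually measure similarity.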
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,009E11FC), ref: 009E10D4
• CloseHandle.KERNEL32(?,?,009E11FC), ref: 009E10E9
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 35fbd5cec02a512074520e321342a92149f4bc83f534487183efb23c9801d9bb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: bc600462ddede7f26dc5211f32617790f7e57ce59a73cf112aecbc1ef7a94a20
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35fbd5cec02a512074520e321342a92149f4bc83f534487183efb23c9801d9bb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22E04F32004610AFEB256B55FC05FB3B7A9EB04320F20C82DF4A5804B1DB626C90DB10
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • Variable is not of type 'Object'., xrefs: 009D0C40
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Variable is not of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 0-1840281001
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: b5f9e041c59bab0f9711e76c52ebfb3d18a5e2e2ba2ebe210497f7714b1e2e4a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 237572a9824d55ab8fd4209d92c4b513b19f71347b284880e549e037fc4e3638
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b5f9e041c59bab0f9711e76c52ebfb3d18a5e2e2ba2ebe210497f7714b1e2e4a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FD32ACB0900218DFDF14EF94D881BEDB7B9BF85308F14845AE806AB392D775AE45CB60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,009B6766,?,?,00000008,?,?,009BFEFE,00000000), ref: 009B6998
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0589846c9924a94418393bc569f02ada4ffc7b0e1bd7267a500d671860a6b518
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 95cbc31b8f97a5e5a2ce95d299399d563fc073a329adf00a9a7e75889ae99538
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0589846c9924a94418393bc569f02ada4ffc7b0e1bd7267a500d671860a6b518
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9B14D32510608DFDB15CF28C586BA57BE0FF45364F298658E899CF2A2C739E991CB40
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ce1d3325800a2c2bcfb2852792884a9676a63e0ab1c75e76d3142233af8246bb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a06bfc7cf025996b45e41b9cd067a3fd666539d06b60738a69a3b179495d4e68
• Opcode Fuzzy Hash: ce1d3325800a2c2bcfb2852792884a9676a63e0ab1c75e76d3142233af8246bb
• Instruction Fuzzy Hash: C8126E759002299FCF24CF58D9817EEB7B9FF48710F14819AE849EB252DB349A81DF90
APIs
• BlockInput.USER32(00000001), ref: 009FEABD
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
• Opcode ID: 680fd4a4a625debc67c7fa589097fe1f3f23aab5a402e2e388465d2a3440b898
• Instruction ID: c27d842c3b6a84bfa84d5344db9792b03eb7ca354a9a61dbed5a025911bb38f2
• Opcode Fuzzy Hash: 680fd4a4a625debc67c7fa589097fe1f3f23aab5a402e2e388465d2a3440b898
• Instruction Fuzzy Hash: 68E01A752002049FD710EF59D804E9ABBE9AF98760F008416FD49C7361DA70E8418BA0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,009A03EE), ref: 009A09DA
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 02b79721f2bbe7253eff5d8712cc9973861cce51cf7d08b17b682af878f2009c
• Instruction ID: b1f24d40c249058953428538a0e57ea5b9824cc859a9a90d66fa19601f6d79b7
• Opcode Fuzzy Hash: 02b79721f2bbe7253eff5d8712cc9973861cce51cf7d08b17b682af878f2009c
• Instruction Fuzzy Hash:
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
• Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction ID: 4557397f1efb42b266cd4e75690e0bde83ce5fee815add57a66017f868a4cc99
• Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
• Instruction Fuzzy Hash: 6A51356260C6056BDB3885EC8C9F7BFE78D9B83340F18091AD886D7282CA1DDE45D3D6
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 45e6d4afdbd5d2606eceac6d7bb8938e3534ef40204919e0bf1e28e00670289e
• Instruction ID: 7fa442219ddc8a2b4da4febef32f4ed9c3fa8bf28586446d6236d08d62a396ea
• Opcode Fuzzy Hash: 45e6d4afdbd5d2606eceac6d7bb8938e3534ef40204919e0bf1e28e00670289e
• Instruction Fuzzy Hash: 15320122D29F014DD7339678C922335A68DAFB73E5F15D737F81AB59A9EB29C4834200
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7af43cc4e2ed9c9ded99e426b11dc461b5f8c5438a787838734098625c346984
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 88459ba00d6a3648fce73c032a4e7a023f214973bb79a20d6011e4f48eb7a1fd
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7af43cc4e2ed9c9ded99e426b11dc461b5f8c5438a787838734098625c346984
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D53205B2A801178BDF28CF68C89467D7BA9EB45301F28CD6BD489DB391E635DD81DB40
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: c9bee99a62740390f40fb5eb86a614f25ed00affae4688521d38babf9c0377f3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3522f4bff94667dd9a3e30eafdcfb5f3aa1e1d49d2c6cfcabb02be104adb03e3
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9bee99a62740390f40fb5eb86a614f25ed00affae4688521d38babf9c0377f3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE227E70E0460ADBDF14DFA4C941BAEB7B6FF84300F244529E816A7391EB36E951CB51
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ad6009e92cc08500abd906f92336aa7f050209a355200c51211306ffd5713431
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: aca6331fb5bab3d980870478c845fd1acdf14f666cde8fb26ec67455ec5de2da
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad6009e92cc08500abd906f92336aa7f050209a355200c51211306ffd5713431
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C30281B1E0020AEBDF04DF54D881BAEB7B5FF84300F148569E8169B391EB35AE51CB91
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5f356b4e052dc7c42f1bf61b2962ceac6710de5a30d98c60e8b797f313fde6c1
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1b3a1071470d6215ad766fb7404302d2574fdf6e8a88a1733337b0cc1df04f2a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5f356b4e052dc7c42f1bf61b2962ceac6710de5a30d98c60e8b797f313fde6c1
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FDB10221D2AF414DC723D6398831336B65CAFBB6D5F91D72BFC2678D22EB2686834140
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
APIs
• DeleteObject.GDI32(00000000), ref: 00A02B30
• DeleteObject.GDI32(00000000), ref: 00A02B43
• DestroyWindow.USER32 ref: 00A02B52
• GetDesktopWindow.USER32 ref: 00A02B6D
• GetWindowRect.USER32(00000000), ref: 00A02B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00A02CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00A02CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02CF8
• GetClientRect.USER32(00000000,?), ref: 00A02D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00A02D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02D80
• GlobalLock.KERNEL32(00000000), ref: 00A02D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02D98
• GlobalUnlock.KERNEL32(00000000), ref: 00A02DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02DA8
• GlobalFree.KERNEL32(00000000), ref: 00A02DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,00A1FC38,00000000), ref: 00A02DDB
• GlobalFree.KERNEL32(00000000), ref: 00A02DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00A02E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00A02E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A02E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00A0303F
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                                              • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2211948467-2373415609
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e74de03193ddc810eadf6924ba3652a72bac2b10d83ec6fb9245244efb2339af
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 51dbfbcc6508dc7f5d3c5d95e3e81a0a6451272ceafaf17bf12cab2e66858476
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e74de03193ddc810eadf6924ba3652a72bac2b10d83ec6fb9245244efb2339af
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B028B71900209AFDB14DFA4DC89FAE7BB9FB49720F148158F915AB2A1CB70ED01CB60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 00A1712F
                                                                                                                                                                                                                                                                                                                                                                              • GetSysColorBrush.USER32(0000000F), ref: 00A17160
                                                                                                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(0000000F), ref: 00A1716C
                                                                                                                                                                                                                                                                                                                                                                              • SetBkColor.GDI32(?,000000FF), ref: 00A17186
                                                                                                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 00A17195
                                                                                                                                                                                                                                                                                                                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 00A171C0
                                                                                                                                                                                                                                                                                                                                                                              • GetSysColor.USER32(00000010), ref: 00A171C8
                                                                                                                                                                                                                                                                                                                                                                              • CreateSolidBrush.GDI32(00000000), ref: 00A171CF
                                                                                                                                                                                                                                                                                                                                                                              • FrameRect.USER32(?,?,00000000), ref: 00A171DE
                                                                                                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00A171E5
                                                                                                                                                                                                                                                                                                                                                                              • InflateRect.USER32(?,000000FE,000000FE), ref: 00A17230
                                                                                                                                                                                                                                                                                                                                                                              • FillRect.USER32(?,?,?), ref: 00A17262
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00A17284
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00A173E8: GetSysColor.USER32(00000012), ref: 00A17421
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00A173E8: SetTextColor.GDI32(?,?), ref: 00A17425
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00A173E8: GetSysColorBrush.USER32(0000000F), ref: 00A1743B
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00A173E8: GetSysColor.USER32(0000000F), ref: 00A17446
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00A173E8: GetSysColor.USER32(00000011), ref: 00A17463
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00A173E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00A17471
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00A173E8: SelectObject.GDI32(?,00000000), ref: 00A17482
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00A173E8: SetBkColor.GDI32(?,00000000), ref: 00A1748B
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00A173E8: SelectObject.GDI32(?,?), ref: 00A17498
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00A173E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00A174B7
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00A173E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00A174CE
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00A173E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00A174DB
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: b87016469739a26b0ff8835aef506df08191f517b84659519467edae29da13a3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3e526358c7c758e4d17de72caf896cf69b56a2eab741ba1bac56109b4e70e91a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b87016469739a26b0ff8835aef506df08191f517b84659519467edae29da13a3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60A17F72088301BFD701DFA4DC48A9E7BBAFB49330F105B19F962961A1D771E9468B51
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(00000000), ref: 00A0273E
                                                                                                                                                                                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00A0286A
                                                                                                                                                                                                                                                                                                                                                                              • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00A028A9
                                                                                                                                                                                                                                                                                                                                                                              • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00A028B9
                                                                                                                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00A02900
                                                                                                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 00A0290C
                                                                                                                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00A02955
                                                                                                                                                                                                                                                                                                                                                                              • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00A02964
                                                                                                                                                                                                                                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 00A02974
                                                                                                                                                                                                                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00A02978
                                                                                                                                                                                                                                                                                                                                                                              • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00A02988
                                                                                                                                                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A02991
                                                                                                                                                                                                                                                                                                                                                                              • DeleteDC.GDI32(00000000), ref: 00A0299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00A029C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 00A029DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00A02A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00A02A31
• SendMessageW.USER32(00000404,00000001,00000000), ref: 00A02A42
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00A02A77
• GetStockObject.GDI32(00000011), ref: 00A02A82
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00A02A8D
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00A02A97
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
• Opcode ID: 895242c2b9885ec98663178fc4c42c8acce3e3c69ff369d2a56579a48ea6219e
• Instruction ID: 8475ba6bc890c3d0e2f8b696d1ba927ca2fec67f95b48c2b6aa8f0cd5005c9f7
• Opcode Fuzzy Hash: 895242c2b9885ec98663178fc4c42c8acce3e3c69ff369d2a56579a48ea6219e
• Instruction Fuzzy Hash: E2B15A71A40219AFEB14DFA8DC49FAE7BA9FB48721F008514F914EB2D0D770AD41CBA4
APIs
• SetErrorMode.KERNEL32(00000001), ref: 009F4AED
• GetDriveTypeW.KERNEL32(?,00A1CB68,?,\\.\,00A1CC08), ref: 009F4BCA
• SetErrorMode.KERNEL32(00000000,00A1CB68,?,\\.\,00A1CC08), ref: 009F4D36
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: 04121d1343306255866a21e0c1d1bf5b6c78dc268aaca7d97f59dfd09e5dff66
• Instruction ID: 0202261d857d61894efe601e322b6714125f5cff5ac6a98b6b92bca922140fbb
• Opcode Fuzzy Hash: 04121d1343306255866a21e0c1d1bf5b6c78dc268aaca7d97f59dfd09e5dff66
• Instruction Fuzzy Hash: 4161F63460520DEBCB04EF24C981EFE77B4BB85710B249815F946AB292DB39ED41DB52
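The function above wraps GetDriveTypeW in SetErrorMode(00000001) / SetErrorMode(00000000), and its String ID list (Unknown, Removable, Fixed, Network, CDROM, RAMDisk, plus the bus-type names ATA, SATA, USB, SCSI, iSCSI, 1394, SAS, RAID, Fibre, SSA, ATAPI, MMC, Virtual, FileBackedVirtual and SSD) is exactly the set of values returned by AutoIt's DriveGetType(), which fits the "AutoIt v3" string seen in the previous function. SetErrorMode flag 0x0001 is SEM_FAILCRITICALERRORS, the flag that stops Windows from popping up a "no disk in drive" dialog while every drive letter is probed. The following is an added example, not code from Joe Sandbox or from the analysed sample: a small Python triage script that parses the report's "APIs" and "String ID" lines (the regular expressions and the constructed SAMPLE text, copied from the lines above, are my own), flags a GetDriveTypeW call made while critical-error dialogs are silenced, and checks whether the full DriveGetType() value set is present. The entries are listed by call-site address rather than execution order, so the sequence check is a heuristic.

```python
import re
from dataclasses import dataclass
from typing import List

# Joe Sandbox prints one static call-site entry per line, e.g.
#   • GetDriveTypeW.KERNEL32(?,00A1CB68,?,\\.\,00A1CC08), ref: 009F4BCA
# "?" is an argument the plugin could not resolve; "ref" is the call-site address.
# Both patterns are assumptions about the report layout, derived from the lines above.
API_LINE = re.compile(
    r"^\s*•?\s*(?P<func>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
STRING_ID = re.compile(r"^\s*•?\s*String ID:\s*(?P<ids>.*)$")

# SetErrorMode flag that suppresses the "There is no disk in the drive" dialog.
SEM_FAILCRITICALERRORS = 0x0001

# Return values of AutoIt's DriveGetType() in default mode and in $DT_BUSTYPE mode.
AUTOIT_DRIVE_TYPES = {"Unknown", "Removable", "Fixed", "Network", "CDROM", "RAMDisk"}
AUTOIT_BUS_TYPES = {"ATA", "SATA", "USB", "SCSI", "iSCSI", "1394", "SAS", "RAID",
                    "Fibre", "SSA", "ATAPI", "MMC", "Virtual", "FileBackedVirtual"}


@dataclass
class ApiCall:
    func: str
    module: str
    args: List[str]
    ref: int  # call-site address inside the dumped module


def parse_api_lines(text: str) -> List[ApiCall]:
    """Parse every '• Func.MODULE(args), ref: ADDR' line; headers and other lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = raw.split(",") if raw else []
        calls.append(ApiCall(m.group("func"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def parse_string_id(text: str) -> List[str]:
    """Split the '$'-joined 'String ID' line of a Similarity block into its strings."""
    for line in text.splitlines():
        m = STRING_ID.match(line)
        if m:
            return m.group("ids").split("$")
    return []


def drive_probe_is_silenced(calls: List[ApiCall]) -> bool:
    """True if GetDriveTypeW is listed while SEM_FAILCRITICALERRORS is in effect.

    Walks the entries in listed (address) order and tracks the most recent
    SetErrorMode() argument; an unresolved "?" argument leaves the state unchanged.
    """
    silenced = False
    for c in calls:
        if c.func == "SetErrorMode" and c.args:
            try:
                silenced = bool(int(c.args[0], 16) & SEM_FAILCRITICALERRORS)
            except ValueError:
                continue
        elif c.func == "GetDriveTypeW" and silenced:
            return True
    return False


def autoit_drive_type_strings_present(strings: List[str]) -> bool:
    """True if both DriveGetType() result sets appear among the function's strings."""
    present = set(strings)
    return AUTOIT_DRIVE_TYPES <= present and AUTOIT_BUS_TYPES <= present


# Constructed sample: the API and String ID lines of the GetDriveTypeW function above.
SAMPLE = r"""
APIs
• SetErrorMode.KERNEL32(00000001), ref: 009F4AED
• GetDriveTypeW.KERNEL32(?,00A1CB68,?,\\.\,00A1CC08), ref: 009F4BCA
• SetErrorMode.KERNEL32(00000000,00A1CB68,?,\\.\,00A1CC08), ref: 009F4D36
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
"""

if __name__ == "__main__":
    calls = parse_api_lines(SAMPLE)
    for c in calls:
        print(f"{c.ref:08X} {c.module}!{c.func}({', '.join(c.args)})")
    print("critical-error dialogs silenced during drive probe:", drive_probe_is_silenced(calls))
    print("AutoIt DriveGetType strings present:",
          autoit_drive_type_strings_present(parse_string_id(SAMPLE)))
```

Feed the script the text of any function block from this report to get the same two checks; a positive result only says the block matches the AutoIt runtime's drive-enumeration routine, not what the compiled script does with the answer.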
APIs
• GetSysColor.USER32(00000012), ref: 00A17421
• SetTextColor.GDI32(?,?), ref: 00A17425
• GetSysColorBrush.USER32(0000000F), ref: 00A1743B
• GetSysColor.USER32(0000000F), ref: 00A17446
• CreateSolidBrush.GDI32(?), ref: 00A1744B
• GetSysColor.USER32(00000011), ref: 00A17463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00A17471
• SelectObject.GDI32(?,00000000), ref: 00A17482
• SetBkColor.GDI32(?,00000000), ref: 00A1748B
• SelectObject.GDI32(?,?), ref: 00A17498
• InflateRect.USER32(?,000000FF,000000FF), ref: 00A174B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00A174CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 00A174DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00A1752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00A17554
• InflateRect.USER32(?,000000FD,000000FD), ref: 00A17572
• DrawFocusRect.USER32(?,?), ref: 00A1757D
• GetSysColor.USER32(00000011), ref: 00A1758E
• SetTextColor.GDI32(?,00000000), ref: 00A17596
• DrawTextW.USER32(?,00A170F5,000000FF,?,00000000), ref: 00A175A8
• SelectObject.GDI32(?,?), ref: 00A175BF
• DeleteObject.GDI32(?), ref: 00A175CA
• SelectObject.GDI32(?,?), ref: 00A175D0
• DeleteObject.GDI32(?), ref: 00A175D5
• SetTextColor.GDI32(?,?), ref: 00A175DB
• SetBkColor.GDI32(?,?), ref: 00A175E5
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1996641542-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f7e678df072ae3ad474d8e4a40f94f7fa39db99c4c63ead21fe447eba6812551
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: afadafa78720fe52942a591abd9ac6e5cbebd819d7f6fa43c9d996b43fb188fb
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f7e678df072ae3ad474d8e4a40f94f7fa39db99c4c63ead21fe447eba6812551
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 15616C76940218BFDF01DFA4DC49AEEBFB9EB08330F109215F911AB2A1D7749981CB90
APIs
• GetCursorPos.USER32(?), ref: 00A11128
• GetDesktopWindow.USER32 ref: 00A1113D
• GetWindowRect.USER32(00000000), ref: 00A11144
• GetWindowLongW.USER32(?,000000F0), ref: 00A11199
• DestroyWindow.USER32(?), ref: 00A111B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00A111ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A1120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00A1121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 00A11232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00A11245
• IsWindowVisible.USER32(00000000), ref: 00A112A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00A112BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00A112D0
• GetWindowRect.USER32(00000000,?), ref: 00A112E8
• MonitorFromPoint.USER32(?,?,00000002), ref: 00A1130E
• GetMonitorInfoW.USER32(00000000,?), ref: 00A11328
• CopyRect.USER32(?,?), ref: 00A1133F
• SendMessageW.USER32(00000000,00000412,00000000), ref: 00A113AA
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
• Opcode ID: 32cf4b955392a341776d9c5930525657ffcfc6e7fa1943127fd7eec8c4dc9b0b
• Instruction ID: 1f6f4b78646a36d563a6bb60282cc1b22c1e849235714f0172847b09d009ed08
• Opcode Fuzzy Hash: 32cf4b955392a341776d9c5930525657ffcfc6e7fa1943127fd7eec8c4dc9b0b
• Instruction Fuzzy Hash: D1B18B71608341AFD700DF64C884BAAFBE4FF88750F00891CFA999B2A1D771E885CB91
APIs
• CharUpperBuffW.USER32(?,?), ref: 00A102E5
• _wcslen.LIBCMT ref: 00A1031F
• _wcslen.LIBCMT ref: 00A10389
• _wcslen.LIBCMT ref: 00A103F1
• _wcslen.LIBCMT ref: 00A10475
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00A104C5
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00A10504
  • Part of subcall function 0099F9F2: _wcslen.LIBCMT ref: 0099F9FD
  • Part of subcall function 009E223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 009E2258
  • Part of subcall function 009E223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 009E228A
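The two API listings above (the tooltips_class32 window builder and the list-view command handler) are only readable once the numeric uMsg arguments of SendMessageW are resolved. The following decoder is an added example, not code from Joe Sandbox or from the analysed sample: it parses API lines in the format shown on this page, resolves the message numbers with constants taken from the Windows SDK headers (WM_USER = 0x0400, LVM_FIRST = 0x1000; the table only covers the messages that occur in these listings), and flags which messages belong to the function itself versus a "Part of subcall" line. The sample lines are copied from the listings above; a "?" argument is one the sandbox could not resolve and is kept as text. The resolved names show the first function adding a tool (TTM_ADDTOOLW), setting width and title, then driving it with TTM_TRACKPOSITION/TTM_TRACKACTIVATE, and the second function querying LVM_GETSELECTEDCOUNT and LVM_GETITEMSTATE with lParam 2 (LVIS_SELECTED), which together with the DESELECT/FINDITEM/... string table matches the command set of AutoIt's ControlListView() function.

```python
import re

# Message constants from the Windows SDK (winuser.h / commctrl.h). Only the
# messages that appear in the listings above are mapped.
WM_USER = 0x0400
LVM_FIRST = 0x1000
MESSAGE_NAMES = {
    WM_USER + 17: "TTM_TRACKACTIVATE",
    WM_USER + 18: "TTM_TRACKPOSITION",
    WM_USER + 24: "TTM_SETMAXTIPWIDTH",
    WM_USER + 29: "TTM_UPDATE",
    WM_USER + 33: "TTM_SETTITLEW",
    WM_USER + 50: "TTM_ADDTOOLW",
    LVM_FIRST + 4: "LVM_GETITEMCOUNT",
    LVM_FIRST + 44: "LVM_GETITEMSTATE",
    LVM_FIRST + 50: "LVM_GETSELECTEDCOUNT",
}

# One Joe Sandbox API line: "[• ][Part of subcall function XXXX: ]Api.MODULE[(args)][,] ref: ADDR"
LINE_RE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


def parse_arg(tok):
    """8-hex-digit tokens become ints; '?' (unresolved by the sandbox) and strings stay text."""
    tok = tok.strip()
    return int(tok, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", tok) else tok


def decode_line(line):
    """Parse one API line into a record, or None if the line is not an API line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    args = [parse_arg(a) for a in m.group("args").split(",")] if m.group("args") else []
    rec = {"api": m.group("api"), "module": m.group("mod"), "args": args,
           "ref": m.group("ref"), "subcall": m.group("sub")}
    # Resolve the uMsg argument (second parameter) of SendMessage* to a symbolic name.
    if rec["api"].startswith("SendMessage") and len(args) >= 2 and isinstance(args[1], int):
        rec["msg"] = MESSAGE_NAMES.get(args[1], f"0x{args[1]:04X}")
    return rec


def decode_trace(lines):
    return [r for r in map(decode_line, lines) if r]


def message_names(records, include_subcalls=True):
    """Symbolic names of all SendMessage* calls, in listing order."""
    return [r["msg"] for r in records if "msg" in r and (include_subcalls or not r["subcall"])]


def messages_after_create(records, window_class):
    """Messages the function itself sends after CreateWindowExW of the given class."""
    created, out = False, []
    for r in records:
        if r["api"] == "CreateWindowExW" and window_class in r["args"]:
            created = True
        elif created and "msg" in r and not r["subcall"]:
            out.append(r["msg"])
    return out


def render(records):
    """Human-readable lines: address, API, arguments, resolved message name."""
    out = []
    for r in records:
        args = ", ".join(f"0x{a:X}" if isinstance(a, int) else a for a in r["args"])
        tag = f" [subcall {r['subcall']}]" if r["subcall"] else ""
        msg = f"  ; {r['msg']}" if "msg" in r else ""
        out.append(f"{r['ref']}{tag} {r['api']}({args}){msg}")
    return out


# Sample input: lines copied from the two listings above (constructed as a list here).
TOOLTIP_TRACE = [
    "• GetCursorPos.USER32(?), ref: 00A11128",
    "• GetDesktopWindow.USER32 ref: 00A1113D",
    "• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,"
    "80000000,80000000,00000000,00000000,00000000,00000000), ref: 00A111ED",
    "• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A1120B",
    "• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00A1121D",
    "• SendMessageW.USER32(00000000,00000421,?,?), ref: 00A11232",
    "• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00A11245",
    "• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00A112BC",
    "• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00A112D0",
    "• SendMessageW.USER32(00000000,00000412,00000000), ref: 00A113AA",
]
LISTVIEW_TRACE = [
    "• CharUpperBuffW.USER32(?,?), ref: 00A102E5",
    "• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00A104C5",
    "• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00A10504",
    "  • Part of subcall function 009E223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 009E2258",
    "  • Part of subcall function 009E223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 009E228A",
]

if __name__ == "__main__":
    for trace in (TOOLTIP_TRACE, LISTVIEW_TRACE):
        print("\n".join(render(decode_trace(trace))), end="\n\n")
```

Messages absent from the table are rendered as their raw hex value rather than guessed, so extending the decoder to another listing means adding the constants from commctrl.h for that control class; the regex deliberately tolerates both the top-level "•" lines and the indented "Part of subcall" lines so a whole "APIs" section can be pasted in as-is.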
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
• API String ID: 1103490817-719923060
• Opcode ID: 5adc840fa7909a897f1901ebe4075d79a8de29b23023f17b543e484a892a5576
• Instruction ID: 3c7c5d08885ff7957f83ce315a285b3b575ae5ebc3886c17e3a637f7780394af
• Opcode Fuzzy Hash: 5adc840fa7909a897f1901ebe4075d79a8de29b23023f17b543e484a892a5576
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90E1AD312082418FC714EF24C590DAEB7E6BFC8714B14895DF8A69B3A1DB70ED85CB91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00998968
                                                                                                                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000007), ref: 00998970
                                                                                                                                                                                                                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0099899B
                                                                                                                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000008), ref: 009989A3
                                                                                                                                                                                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000004), ref: 009989C8
                                                                                                                                                                                                                                                                                                                                                                              • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 009989E5
                                                                                                                                                                                                                                                                                                                                                                              • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 009989F5
                                                                                                                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00998A28
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00998A3C
                                                                                                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(00000000,000000FF), ref: 00998A5A
                                                                                                                                                                                                                                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 00998A76
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 00998A81
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0099912D: GetCursorPos.USER32(?), ref: 00999141
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0099912D: ScreenToClient.USER32(00000000,?), ref: 0099915E
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0099912D: GetAsyncKeyState.USER32(00000001), ref: 00999183
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0099912D: GetAsyncKeyState.USER32(00000002), ref: 0099919D
                                                                                                                                                                                                                                                                                                                                                                              • SetTimer.USER32(00000000,00000000,00000028,009990FC), ref: 00998AA8
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                                                                                              • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e1477fb7eca71e7e27ace7f2d3ed93b53b0e6c1505709a8d9c60362201089c60
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8ddc0b86529373805b0803e6d4481dc5c07d493f2a30bc26a7ca517dde6766dd
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e1477fb7eca71e7e27ace7f2d3ed93b53b0e6c1505709a8d9c60362201089c60
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0CB15C71A80209DFDF14DFA8CC45BEE7BB5FB48325F10852AFA15AB290DB74A841CB50
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 009E1114
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E1120
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E112F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E1136
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 009E114D
                                                                                                                                                                                                                                                                                                                                                                              • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 009E0DF5
                                                                                                                                                                                                                                                                                                                                                                              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 009E0E29
                                                                                                                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 009E0E40
                                                                                                                                                                                                                                                                                                                                                                              • GetAce.ADVAPI32(?,00000000,?), ref: 009E0E7A
                                                                                                                                                                                                                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 009E0E96
                                                                                                                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 009E0EAD
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000008), ref: 009E0EB5
                                                                                                                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 009E0EBC
                                                                                                                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 009E0EDD
                                                                                                                                                                                                                                                                                                                                                                              • CopySid.ADVAPI32(00000000), ref: 009E0EE4
                                                                                                                                                                                                                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 009E0F13
                                                                                                                                                                                                                                                                                                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 009E0F35
                                                                                                                                                                                                                                                                                                                                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 009E0F47
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009E0F6E
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 009E0F75
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009E0F7E
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 009E0F85
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 009E0F8E
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 009E0F95
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 009E0FA1
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 009E0FA8
  • Part of subcall function 009E1193: GetProcessHeap.KERNEL32(00000008,009E0BB1,?,00000000,?,009E0BB1,?), ref: 009E11A1
  • Part of subcall function 009E1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,009E0BB1,?), ref: 009E11A8
  • Part of subcall function 009E1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,009E0BB1,?), ref: 009E11B7
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A0C4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,00A1CC08,00000000,?,00000000,?,?), ref: 00A0C544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00A0C5A4
• _wcslen.LIBCMT ref: 00A0C5F4
• _wcslen.LIBCMT ref: 00A0C66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00A0C6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00A0C7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00A0C84D
• RegCloseKey.ADVAPI32(?), ref: 00A0C881
• RegCloseKey.ADVAPI32(00000000), ref: 00A0C88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00A0C960
Strings
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
APIs
• CharUpperBuffW.USER32(?,?), ref: 00A109C6
• _wcslen.LIBCMT ref: 00A10A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00A10A54
• _wcslen.LIBCMT ref: 00A10A8A
• _wcslen.LIBCMT ref: 00A10B06
• _wcslen.LIBCMT ref: 00A10B81
  • Part of subcall function 0099F9F2: _wcslen.LIBCMT ref: 0099F9FD
  • Part of subcall function 009E2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009E2BFA
Strings
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
APIs
Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                              • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1256254125-909552448
APIs
• _wcslen.LIBCMT ref: 00A1835A
• _wcslen.LIBCMT ref: 00A1836E
• _wcslen.LIBCMT ref: 00A18391
• _wcslen.LIBCMT ref: 00A183B4
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00A183F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00A15BF2), ref: 00A1844E
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00A18487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00A184CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00A18501
• FreeLibrary.KERNEL32(?), ref: 00A1850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00A1851D
• DestroyIcon.USER32(?,?,?,?,?,00A15BF2), ref: 00A1852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00A18549
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00A18555
Strings
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
Strings
Similarity
• API ID:
• String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
• API String ID: 0-1645009161
APIs
• LoadIconW.USER32(00000063), ref: 009E5A2E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 009E5A40
• SetWindowTextW.USER32(?,?), ref: 009E5A57
• GetDlgItem.USER32(?,000003EA), ref: 009E5A6C
• SetWindowTextW.USER32(00000000,?), ref: 009E5A72
• GetDlgItem.USER32(?,000003E9), ref: 009E5A82
• SetWindowTextW.USER32(00000000,?), ref: 009E5A88
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 009E5AA9
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 009E5AC3
• GetWindowRect.USER32(?,?), ref: 009E5ACC
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 009E5B33
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 009E5B6F
                                                                                                                                                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 009E5B75
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 009E5B7C
                                                                                                                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 009E5BD3
                                                                                                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 009E5BE0
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000005,00000000,?), ref: 009E5C05
                                                                                                                                                                                                                                                                                                                                                                              • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 009E5C2F
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: df6ca60e63449e9f16512e1a5675848eae6f37ce848e493ad447c8001ccb9405
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c67c96214d949c7c6015cdd033d655eac907bfb4a2df55ff2156b530333ac2b9
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: df6ca60e63449e9f16512e1a5675848eae6f37ce848e493ad447c8001ccb9405
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A3718E31900B49AFDB21DFA9CE85BAEBBF9FF48718F154918E142A25A0D774ED40CB50
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F89), ref: 009FFE27
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F8A), ref: 009FFE32
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 009FFE3D
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F03), ref: 009FFE48
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F8B), ref: 009FFE53
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F01), ref: 009FFE5E
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F81), ref: 009FFE69
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F88), ref: 009FFE74
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F80), ref: 009FFE7F
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F86), ref: 009FFE8A
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F83), ref: 009FFE95
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F85), ref: 009FFEA0
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F82), ref: 009FFEAB
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F84), ref: 009FFEB6
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F04), ref: 009FFEC1
                                                                                                                                                                                                                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 009FFECC
                                                                                                                                                                                                                                                                                                                                                                              • GetCursorInfo.USER32(?), ref: 009FFEDC
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 009FFF1E
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3215588206-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ce28f154fe6f6c62d2dcecc133d20f2152d89fb4996c7794cadaaf5bd646d1f5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 31b43dc22d3309460afb55c5185ac07ebff75fb7b22240eb01400e5f87da9b98
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce28f154fe6f6c62d2dcecc133d20f2152d89fb4996c7794cadaaf5bd646d1f5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 824154B0D443196ADB10DFBA8C85C6EBFE8FF04354B50452AE11DEB281DB789901CF91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 009A00C6
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00A5070C,00000FA0,99B3D00D,?,?,?,?,009C23B3,000000FF), ref: 009A011C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,009C23B3,000000FF), ref: 009A0127
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,009C23B3,000000FF), ref: 009A0138
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 009A014E
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 009A015C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 009A016A
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 009A0195
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 009A01A0
                                                                                                                                                                                                                                                                                                                                                                              • ___scrt_fastfail.LIBCMT ref: 009A00E7
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A00A3: __onexit.LIBCMT ref: 009A00A9
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • InitializeConditionVariable, xrefs: 009A0148
                                                                                                                                                                                                                                                                                                                                                                              • WakeAllConditionVariable, xrefs: 009A0162
                                                                                                                                                                                                                                                                                                                                                                              • api-ms-win-core-synch-l1-2-0.dll, xrefs: 009A0122
                                                                                                                                                                                                                                                                                                                                                                              • kernel32.dll, xrefs: 009A0133
                                                                                                                                                                                                                                                                                                                                                                              • SleepConditionVariableCS, xrefs: 009A0154
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                                              • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4f0380e06ca61c6754e6edac9b445a3d41b1725f32950a7939377dbb4339376e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 41cdbffefcc847631c4562ec357996c57b586aa611f25b9f419cfb9032839962
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f0380e06ca61c6754e6edac9b445a3d41b1725f32950a7939377dbb4339376e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D821F932A847517FE7109BE4AC16FE977A8FBC6F65F004629F801E7291DB7498018AD0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7aa472b0ef4eca55f71788cb9a5e6129961c9f28dc11187215ea548c16a30574
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 22078005eecb3b474286a7dc5d655f076798ff617b736e431a89561eab68519d
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7aa472b0ef4eca55f71788cb9a5e6129961c9f28dc11187215ea548c16a30574
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0CE10632A00556ABCB169FB9C449BEEFBB8FF84710F54C529E456E7240EF30AE458790
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CharLowerBuffW.USER32(00000000,00000000,00A1CC08), ref: 009F4527
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 009F453B
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 009F4599
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 009F45F4
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 009F463F
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 009F46A7
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0099F9F2: _wcslen.LIBCMT ref: 0099F9FD
                                                                                                                                                                                                                                                                                                                                                                              • GetDriveTypeW.KERNEL32(?,00A46BF0,00000061), ref: 009F4743
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                                              • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8b2af43e23c6e062f65d084b39b380b4a52fd19ba01527750d252dca32364cf9
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 409b180829917c44710f4d8bedfc609d1abff39d6c58e967b30dc192193db04f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8b2af43e23c6e062f65d084b39b380b4a52fd19ba01527750d252dca32364cf9
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 18B1DF316083069BC710EF28C890A7BB7E9AFE6760F50491DF696C7291E734D945CBA2
APIs
• GetMenuItemCount.USER32(00A51990), ref: 009C2F8D
• GetMenuItemCount.USER32(00A51990), ref: 009C303D
• GetCursorPos.USER32(?), ref: 009C3081
• SetForegroundWindow.USER32(00000000), ref: 009C308A
• TrackPopupMenuEx.USER32(00A51990,00000000,?,00000000,00000000,00000000), ref: 009C309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 009C30A9
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
• Opcode ID: bdc68ef859636652079fc6c6f1b015cfb5bd10bf43ed7d20c4fe2133b6a9713c
• Instruction ID: 6161d4370985228b5561f781d922e3dcfeebe8365610b9675e4eab19a272cfbe
• Opcode Fuzzy Hash: bdc68ef859636652079fc6c6f1b015cfb5bd10bf43ed7d20c4fe2133b6a9713c
• Instruction Fuzzy Hash: F0714D31A44205BEEB21DF69CC49FAABF69FF05774F20821AF5246A1D0C7B5AD10C791
APIs
• DestroyWindow.USER32(00000000,?), ref: 00A16DEB
  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00A16E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00A16E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A16E94
• DestroyWindow.USER32(?), ref: 00A16EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00980000,00000000), ref: 00A16EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A16EFD
• GetDesktopWindow.USER32 ref: 00A16F16
• GetWindowRect.USER32(00000000), ref: 00A16F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00A16F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00A16F4D
  • Part of subcall function 00999944: GetWindowLongW.USER32(?,000000EB), ref: 00999952
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
• Opcode ID: 77b03485e28f0dec36bce38de1bb935b2eaaed355189c874dbf696518ef460e4
• Instruction ID: e534ec83fb99963026870509a5ccf30b2a109850392f5f01cf96a86131442da1
• Opcode Fuzzy Hash: 77b03485e28f0dec36bce38de1bb935b2eaaed355189c874dbf696518ef460e4
• Instruction Fuzzy Hash: 34716674244340AFDB21CF68D848BBABBE9FB88314F04491DF999C72A1C774A946CB11
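The "API ID" under Similarity is the key Joe Sandbox uses to match a function against functions seen in other samples, so it helps to know how it is derived from the "APIs" listing above it. The Python below is an added example, not code from Joe Sandbox or from the analysed sample: it parses the two API listings above (copied verbatim from this report, sub-call lines included) and rebuilds their API IDs. The tokenisation rule it applies (split each API name on CamelCase, keep CRT names such as _wcslen whole, drop tokens shorter than four characters, group tokens by how often they occur, sort alphabetically inside a group and join the groups with "$") is inferred from those two records and is an assumption, not documented Joe Sandbox behaviour; it reproduces both IDs exactly but has only been checked against the names that occur in them.

```python
"""Rebuild a Joe Sandbox "API ID" from the "APIs" listing of a function.

Added example, not code from Joe Sandbox or from the analysed sample.
The tokenisation rule below is inferred from two records of this report
and is an assumption (see the lead-in).
"""
import re
from collections import Counter

# One line of an "APIs" listing, with or without an argument list, e.g.
#   • GetCursorPos.USER32(?), ref: 009C3081
#   • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
API_LINE = re.compile(
    r"(?P<name>_?[A-Za-z][A-Za-z0-9_]*)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-Fa-f]+)"
)

# Constructed input: the two "APIs" listings of this report whose
# Similarity section is also on the page, copied verbatim.
RECORD_MENU = """
• GetMenuItemCount.USER32(00A51990), ref: 009C2F8D
• GetMenuItemCount.USER32(00A51990), ref: 009C303D
• GetCursorPos.USER32(?), ref: 009C3081
• SetForegroundWindow.USER32(00000000), ref: 009C308A
• TrackPopupMenuEx.USER32(00A51990,00000000,?,00000000,00000000,00000000), ref: 009C309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 009C30A9
"""

RECORD_TOOLTIP = """
• DestroyWindow.USER32(00000000,?), ref: 00A16DEB
  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00A16E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00A16E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A16E94
• DestroyWindow.USER32(?), ref: 00A16EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00980000,00000000), ref: 00A16EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00A16EFD
• GetDesktopWindow.USER32 ref: 00A16F16
• GetWindowRect.USER32(00000000), ref: 00A16F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00A16F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00A16F4D
  • Part of subcall function 00999944: GetWindowLongW.USER32(?,000000EB), ref: 00999952
"""


def parse_api_lines(text):
    """Return (name, module, args, ref) for every API line in a record.

    Sub-call lines ("Part of subcall function ...") are included, because
    the report's API ID counts their tokens too (_wcslen and Long in the
    tooltip record come from sub-calls).
    """
    calls = []
    for line in text.splitlines():
        m = API_LINE.search(line)
        if m:
            calls.append((m["name"], m["module"], m["args"] or "", m["ref"]))
    return calls


def tokens(name):
    """Split an API name into the tokens that survive into the API ID.

    Assumed rule: CamelCase words, minus anything shorter than four
    characters (Get, Set, Ex, Pos, the W suffix); CRT names that start
    with an underscore are kept whole.
    """
    if name.startswith("_"):
        return [name]
    words = re.findall(r"[A-Z][a-z0-9]*", name)  # GetMenuItemCount -> Get Menu Item Count
    return [w for w in words if len(w) >= 4]


def api_id(text):
    """Group tokens by occurrence count (descending), alphabetical inside a group, '$'-joined."""
    counts = Counter(
        t for name, _mod, _args, _ref in parse_api_lines(text) for t in tokens(name)
    )
    by_count = {}
    for tok, n in counts.items():
        by_count.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_count[n])) for n in sorted(by_count, reverse=True))


if __name__ == "__main__":
    for label, rec in (("menu", RECORD_MENU), ("tooltip", RECORD_TOOLTIP)):
        print(f"{label}: {api_id(rec)}")
```

Run against other records of the report (the drag-and-drop handler below, for instance) the function gives a predicted API ID that can be compared with what the report prints; a mismatch means the inferred rule is incomplete for that set of names, not that the report is wrong.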
APIs
  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
• DragQueryPoint.SHELL32(?,?), ref: 00A19147
  • Part of subcall function 00A17674: ClientToScreen.USER32(?,?), ref: 00A1769A
  • Part of subcall function 00A17674: GetWindowRect.USER32(?,?), ref: 00A17710
  • Part of subcall function 00A17674: PtInRect.USER32(?,?,00A18B89), ref: 00A17720
• SendMessageW.USER32(?,000000B0,?,?), ref: 00A191B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00A191BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00A191DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 00A19225
• SendMessageW.USER32(?,000000B0,?,?), ref: 00A1923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 00A19255
• SendMessageW.USER32(?,000000B1,?,?), ref: 00A19277
• DragFinish.SHELL32(?), ref: 00A1927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00A19371
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5b35d1d6f7066a145b5a70c5bb20d2d85e020557280c5ce99d2121e60f87c986
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9656e9119cb0efa76f4c340de36e0f45c807c2fa86e24849d55f6a9ce77f1f65
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b35d1d6f7066a145b5a70c5bb20d2d85e020557280c5ce99d2121e60f87c986
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52614A71108301AFD701EFA4DC85EAFBBE9EFC9750F04492DF5A5962A0DB309A49CB52
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 009FC4B0
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 009FC4C3
                                                                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 009FC4D7
                                                                                                                                                                                                                                                                                                                                                                              • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 009FC4F0
                                                                                                                                                                                                                                                                                                                                                                              • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 009FC533
                                                                                                                                                                                                                                                                                                                                                                              • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 009FC549
                                                                                                                                                                                                                                                                                                                                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 009FC554
                                                                                                                                                                                                                                                                                                                                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 009FC584
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 009FC5DC
                                                                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 009FC5F0
                                                                                                                                                                                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 009FC5FB
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: fe2d3f8453470980b1919ae4b9dca7311e59746fc061c510e2be41e7f0ad22ee
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 32d37b9c6c46165efe6514c14b262a84ad5f2cbecbc4c76b1642f188a949e90f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe2d3f8453470980b1919ae4b9dca7311e59746fc061c510e2be41e7f0ad22ee
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BC5159B154430DBFDB21DFA0CA88ABB7BBCFB08754F04841AFA4596250DB74E945DBA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00A18592
                                                                                                                                                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A185A2
                                                                                                                                                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A185AD
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A185BA
                                                                                                                                                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00A185C8
                                                                                                                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A185D7
                                                                                                                                                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00A185E0
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A185E7
                                                                                                                                                                                                                                                                                                                                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00A185F8
                                                                                                                                                                                                                                                                                                                                                                              • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00A1FC38,?), ref: 00A18611
                                                                                                                                                                                                                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00A18621
                                                                                                                                                                                                                                                                                                                                                                              • GetObjectW.GDI32(?,00000018,?), ref: 00A18641
                                                                                                                                                                                                                                                                                                                                                                              • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00A18671
                                                                                                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 00A18699
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00A186AF
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: a6a042a4681765429c23574eee500d7cb789e59addf4451b90848477d319d7ac
• Instruction ID: 13a71b7f46799832af5cf0a4d23f399fd326185a6909ddb5b41a7f753f9a0458
• Opcode Fuzzy Hash: a6a042a4681765429c23574eee500d7cb789e59addf4451b90848477d319d7ac
• Instruction Fuzzy Hash: 6E412975640204BFDB11DFA5CC48EEA7BBDEF89761F108058F915EB260DB349942CB60
APIs
• VariantInit.OLEAUT32(00000000), ref: 009F1502
• VariantCopy.OLEAUT32(?,?), ref: 009F150B
• VariantClear.OLEAUT32(?), ref: 009F1517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 009F15FB
• VarR8FromDec.OLEAUT32(?,?), ref: 009F1657
• VariantInit.OLEAUT32(?), ref: 009F1708
• SysFreeString.OLEAUT32(?), ref: 009F178C
• VariantClear.OLEAUT32(?), ref: 009F17D8
• VariantClear.OLEAUT32(?), ref: 009F17E7
• VariantInit.OLEAUT32(00000000), ref: 009F1823
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: 284bf6b3cb510b4395ba9974dc15d17c89d265bb0adf64e34dc95ee0c03e41dc
• Instruction ID: 680e6635f9b96e37847236bd4dd588cfce770bf9a7184c2095f8532fab5e4fbb
• Opcode Fuzzy Hash: 284bf6b3cb510b4395ba9974dc15d17c89d265bb0adf64e34dc95ee0c03e41dc
• Instruction Fuzzy Hash: 90D1F031A04119EBDF04AF65E884BBDB7B6BF84700F148456FA46AB680DB34DC41DBE1
APIs
  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
  • Part of subcall function 00A0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A0B6AE,?,?), ref: 00A0C9B5
  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0C9F1
  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA68
  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A0B6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A0B772
• RegDeleteValueW.ADVAPI32(?,?), ref: 00A0B80A
• RegCloseKey.ADVAPI32(?), ref: 00A0B87E
• RegCloseKey.ADVAPI32(?), ref: 00A0B89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 00A0B8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00A0B904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00A0B922
• FreeLibrary.KERNEL32(00000000), ref: 00A0B983
• RegCloseKey.ADVAPI32(00000000), ref: 00A0B994
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
• Opcode ID: b47834a187a79b69e14ebab38fb8e0af2faa30dac717f94934f034e8aea782e6
• Instruction ID: a1e8665b3091694670089d61fcf8b32fffeac5c967a36f1b2475cf32d76e1f53
• Opcode Fuzzy Hash: b47834a187a79b69e14ebab38fb8e0af2faa30dac717f94934f034e8aea782e6
• Instruction Fuzzy Hash: 7AC19B30218205AFD710DF24D594F2ABBE5BF84358F14859CF59A8B3A2CB71EC46CBA1
APIs
• GetDC.USER32(00000000), ref: 00A025D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00A025E8
• CreateCompatibleDC.GDI32(?), ref: 00A025F4
• SelectObject.GDI32(00000000,?), ref: 00A02601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00A0266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00A026AC
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00A026D0
• SelectObject.GDI32(?,?), ref: 00A026D8
• DeleteObject.GDI32(?), ref: 00A026E1
• DeleteDC.GDI32(?), ref: 00A026E8
• ReleaseDC.USER32(00000000,?), ref: 00A026F3
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                                              • String ID: (
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 98cad19ccead2cf0c7e264821b8300ddc04aaef4d8da045988902d3829d7cebd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4c4a628ea9b7042192d51e11704f1b6dea1892a8458bdc97997c443dd9968cee
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 98cad19ccead2cf0c7e264821b8300ddc04aaef4d8da045988902d3829d7cebd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE61E275D00219EFCF14CFE8D988AAEBBB6FF48310F208529E955A7250E771A941CF50
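The GDI chain listed for this function (CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, StretchBlt, GetDIBits, then ReleaseDC with a NULL window handle) is the standard way to copy screen pixels into a memory bitmap and read them back as raw bytes, which is what an analyst would expect to see behind a screenshot capability. Two argument values are worth checking by hand: the last StretchBlt argument, 00CC0020, is the SRCCOPY raster operation, and ReleaseDC(00000000, ?) is consistent with a DC obtained for the whole screen. The following Python is an added example, not part of the Joe Sandbox report or its tooling: it parses "APIs" lines in the format shown on this page, recovers function, module, recovered arguments and reference address, and matches the resulting call set against capability signatures. The signature sets, the SRCCOPY check and the ReleaseDC heuristic are my own assumptions about what is worth flagging; the argument values are whatever the sandbox recovered from the stack, with "?" meaning unknown, so treat them as hints rather than ground truth.

```python
"""Parse Joe Sandbox 'APIs' listings and flag capability patterns."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the GDI block of the report above.
REPORT_GDI_APIS = """
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00A025E8
• CreateCompatibleDC.GDI32(?), ref: 00A025F4
• SelectObject.GDI32(00000000,?), ref: 00A02601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00A0266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00A026AC
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00A026D0
• SelectObject.GDI32(?,?), ref: 00A026D8
• DeleteObject.GDI32(?), ref: 00A026E1
• DeleteDC.GDI32(?), ref: 00A026E8
• ReleaseDC.USER32(00000000,?), ref: 00A026F3
"""

# Lines copied from the window-enumeration block further down the same report.
REPORT_WINDOW_APIS = """
• GetClassNameW.USER32(?,?,00000100), ref: 009E369C
• _wcslen.LIBCMT ref: 009E36A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 009E3797
• GetWindowTextW.USER32(?,?,00000400), ref: 009E395D
"""

# One regex covers plain calls, calls without an argument list (_wcslen.LIBCMT ref: ...)
# and the indented "Part of subcall function XXXXXXXX:" lines.
API_RE = re.compile(
    r"(?:Part of subcall function (?P<caller>[0-9A-F]{8}): )?"
    r"(?P<func>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]{8})"
)

SRCCOPY = 0x00CC0020  # raster-op constant from wingdi.h


@dataclass
class ApiCall:
    func: str
    module: str
    args: List[str]          # recovered stack values as hex strings, "?" if unknown
    ref: str                 # address of the call site in the dumped image
    caller: Optional[str] = None  # set only for "Part of subcall function" lines


def parse_apis(text: str) -> List[ApiCall]:
    """Turn a block of report lines into ApiCall records, skipping headings."""
    calls = []
    for line in text.splitlines():
        m = API_RE.search(line)
        if not m:
            continue
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        calls.append(ApiCall(m["func"], m["module"], args, m["ref"], m["caller"]))
    return calls


# Assumed signatures: every group must be satisfied by at least one API in the
# function for the signature to fire (A/W variants are alternatives within a group).
SIGNATURES = {
    "gdi_screen_capture": [
        {"CreateCompatibleDC"},
        {"CreateCompatibleBitmap", "CreateDIBSection"},
        {"SelectObject"},
        {"BitBlt", "StretchBlt"},
        {"GetDIBits"},
    ],
    "window_text_harvest": [
        {"GetClassNameW", "GetClassNameA"},
        {"GetWindowTextW", "GetWindowTextA", "SendMessageTimeoutW", "SendMessageW"},
    ],
}


def match_signatures(calls: List[ApiCall]) -> List[str]:
    seen = {c.func for c in calls}
    return sorted(name for name, groups in SIGNATURES.items()
                  if all(seen & group for group in groups))


def capture_details(calls: List[ApiCall]) -> dict:
    """Pull the two recovered arguments worth a second look in a GDI capture chain."""
    details = {}
    for c in calls:
        # The raster op is the last parameter of both BitBlt and StretchBlt.
        if c.func in ("BitBlt", "StretchBlt") and c.args and c.args[-1] != "?":
            details["rop"] = int(c.args[-1], 16)
            details["rop_is_srccopy"] = details["rop"] == SRCCOPY
        # ReleaseDC(NULL, hdc) is how a DC obtained with GetDC(NULL), i.e. the
        # whole screen, is released; a heuristic, since the value is sandbox-recovered.
        if c.func == "ReleaseDC" and c.args and c.args[0] == "00000000":
            details["screen_dc"] = True
    return details


if __name__ == "__main__":
    for name, text in (("GDI block", REPORT_GDI_APIS), ("window block", REPORT_WINDOW_APIS)):
        calls = parse_apis(text)
        print(name, match_signatures(calls), capture_details(calls))
```

Running the script against the two copied blocks reports gdi_screen_capture for the first (with rop_is_srccopy and screen_dc set) and window_text_harvest for the second. Extending the signature table with the clipboard, keystroke and listening-socket chains that the report's signature list mentions is the natural next step for triaging the remaining functions on the page.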
APIs
• ___free_lconv_mon.LIBCMT ref: 009BDAA1
  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD659
  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD66B
  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD67D
  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD68F
  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD6A1
  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD6B3
  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD6C5
  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD6D7
  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD6E9
  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD6FB
  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD70D
  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD71F
  • Part of subcall function 009BD63C: _free.LIBCMT ref: 009BD731
• _free.LIBCMT ref: 009BDA96
  • Part of subcall function 009B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000), ref: 009B29DE
  • Part of subcall function 009B29C8: GetLastError.KERNEL32(00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000,00000000), ref: 009B29F0
• _free.LIBCMT ref: 009BDAB8
• _free.LIBCMT ref: 009BDACD
• _free.LIBCMT ref: 009BDAD8
• _free.LIBCMT ref: 009BDAFA
• _free.LIBCMT ref: 009BDB0D
• _free.LIBCMT ref: 009BDB1B
• _free.LIBCMT ref: 009BDB26
• _free.LIBCMT ref: 009BDB5E
• _free.LIBCMT ref: 009BDB65
• _free.LIBCMT ref: 009BDB82
• _free.LIBCMT ref: 009BDB9A
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast___free_lconv_mon
• String ID:
• API String ID: 161543041-0
• Opcode ID: a317ce12611cf11754fb6e57a495fecab39fe389f34513ed2e12ab850713c4e2
• Instruction ID: 30ec507caf4286e6a812f6faa8bf419d3f154f90d269ce75b92ea83dcb285219
• Opcode Fuzzy Hash: a317ce12611cf11754fb6e57a495fecab39fe389f34513ed2e12ab850713c4e2
• Instruction Fuzzy Hash: 72312831606605AFEB21AB79EA45BDAB7EDFF40330F154829E449D7191EF31ED808B24
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 009E369C
• _wcslen.LIBCMT ref: 009E36A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 009E3797
• GetClassNameW.USER32(?,?,00000400), ref: 009E380C
• GetDlgCtrlID.USER32(?), ref: 009E385D
• GetWindowRect.USER32(?,?), ref: 009E3882
• GetParent.USER32(?), ref: 009E38A0
• ScreenToClient.USER32(00000000), ref: 009E38A7
• GetClassNameW.USER32(?,?,00000100), ref: 009E3921
• GetWindowTextW.USER32(?,?,00000400), ref: 009E395D
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: %s%u
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4010501982-679674701
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 69b3520d5898499c3210b86e7a1ad2ce2e8ec701888e630b58455f1618aac3e6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ac6b6350fa0353cd7f3029b71a034a40ff210fa460c7a078e45cf53fcbb8de42
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 69b3520d5898499c3210b86e7a1ad2ce2e8ec701888e630b58455f1618aac3e6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3A91A071204646EFD71ADF66C889BAAB7A8FF44350F00C529F9A9C3191DB30EE45CB91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetClassNameW.USER32(?,?,00000400), ref: 009E4994
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowTextW.USER32(?,?,00000400), ref: 009E49DA
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 009E49EB
                                                                                                                                                                                                                                                                                                                                                                              • CharUpperBuffW.USER32(?,00000000), ref: 009E49F7
                                                                                                                                                                                                                                                                                                                                                                              • _wcsstr.LIBVCRUNTIME ref: 009E4A2C
                                                                                                                                                                                                                                                                                                                                                                              • GetClassNameW.USER32(00000018,?,00000400), ref: 009E4A64
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowTextW.USER32(?,?,00000400), ref: 009E4A9D
                                                                                                                                                                                                                                                                                                                                                                              • GetClassNameW.USER32(00000018,?,00000400), ref: 009E4AE6
                                                                                                                                                                                                                                                                                                                                                                              • GetClassNameW.USER32(?,?,00000400), ref: 009E4B20
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 009E4B8B
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                              • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2ee9fa015cb92a49bb2446fcb8470ff7d200352234872dbcdede52d914476d5f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d9cf090dc9a01967350dce8eaa3b0c120a16262f2536d0d4a5665ac4becef344
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ee9fa015cb92a49bb2446fcb8470ff7d200352234872dbcdede52d914476d5f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA91ED310083459FDB06CF16C885BAA77ECFF84324F088469FD859A196EB34ED46CBA1
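The "API ID" under each function's Similarity heading is the key the report uses to relate a function to functions seen in other samples, and the three listings in this section are enough to see how it is built: every API name is split into words, the words are ranked by how often the function calls them, each frequency tier is sorted alphabetically and joined, and the tiers are separated by "$" (ASCII order puts CRT names such as _wcslen after the Win32 words). The Python below, added here as a worked example and not Joe Sandbox code, rebuilds the key from the "APIs" listings; the listings themselves are copied from this report. The tokenisation rules (dropping the Get/Def/Dlg/ID/To words and the trailing W/A suffix, keeping ClassName as a single word) are inferred from these three functions alone and are assumptions, not documented behaviour. One triage caveat: the head of this report flags the sample as a likely compiled AutoIt script, and window/control enumeration routines like these are typical runtime code, so a key that matches across samples may reflect the shared interpreter rather than shared malicious logic.

```python
"""Rebuild Joe Sandbox-style "API ID" keys from per-function API listings.

Added example, not Joe Sandbox's own code. The stopword and compound tables
are assumptions inferred from the three listings on this report page.
"""
import re
from collections import Counter

# Words the page's keys never contain (assumption inferred from this page).
STOPWORDS = {"Get", "Def", "Dlg", "ID", "To"}
# Word pairs the page keeps as one token (same assumption).
COMPOUNDS = {("Class", "Name"): "ClassName"}

# Matches one report line such as "• GetClassNameW.USER32(?,?,00000100), ref: 009E369C"
# or "• Part of subcall function 00999BA1: GetWindowLongW.USER32(...)".
CALL_RE = re.compile(
    r"^\W*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
)

# "APIs" listings copied from this report (function at 009E369C, 009E4994, 00A18D5A).
LISTING_009E369C = """
• GetClassNameW.USER32(?,?,00000100), ref: 009E369C
• _wcslen.LIBCMT ref: 009E36A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 009E3797
• GetClassNameW.USER32(?,?,00000400), ref: 009E380C
• GetDlgCtrlID.USER32(?), ref: 009E385D
• GetWindowRect.USER32(?,?), ref: 009E3882
• GetParent.USER32(?), ref: 009E38A0
• ScreenToClient.USER32(00000000), ref: 009E38A7
• GetClassNameW.USER32(?,?,00000100), ref: 009E3921
• GetWindowTextW.USER32(?,?,00000400), ref: 009E395D
"""
LISTING_009E4994 = """
• GetClassNameW.USER32(?,?,00000400), ref: 009E4994
• GetWindowTextW.USER32(?,?,00000400), ref: 009E49DA
• _wcslen.LIBCMT ref: 009E49EB
• CharUpperBuffW.USER32(?,00000000), ref: 009E49F7
• _wcsstr.LIBVCRUNTIME ref: 009E4A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 009E4A64
• GetWindowTextW.USER32(?,?,00000400), ref: 009E4A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 009E4AE6
• GetClassNameW.USER32(?,?,00000400), ref: 009E4B20
• GetWindowRect.USER32(?,?), ref: 009E4B8B
"""
LISTING_00A18D5A = """
  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00A18D5A
• GetFocus.USER32 ref: 00A18D6A
• GetDlgCtrlID.USER32(00000000), ref: 00A18D75
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00A18E1D
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00A18ECF
• GetMenuItemCount.USER32(?), ref: 00A18EEC
• GetMenuItemID.USER32(?,00000000), ref: 00A18EFC
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00A18F2E
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00A18F70
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00A18FA1
"""


def parse_calls(listing: str) -> list[tuple[str, str]]:
    """Return (api, module) for every call line; subcall lines count too."""
    calls = []
    for line in listing.splitlines():
        m = CALL_RE.match(line)
        if m:
            calls.append((m.group("api"), m.group("module")))
    return calls


def tokenize(api: str) -> list[str]:
    """Split one API name into the words that feed the key (inferred rules)."""
    if api.startswith("_"):                      # CRT names stay whole
        return [api]
    if len(api) > 1 and api[-1] in "AW" and api[-2].islower():
        api = api[:-1]                           # drop ANSI/Unicode suffix
    words = re.findall(r"[A-Z][a-z]+|[A-Z]+(?![a-z])", api)
    merged, i = [], 0
    while i < len(words):                        # fold listed compounds
        pair = tuple(words[i:i + 2])
        if pair in COMPOUNDS:
            merged.append(COMPOUNDS[pair])
            i += 2
        else:
            merged.append(words[i])
            i += 1
    return [w for w in merged if w not in STOPWORDS]


def api_id(listing: str) -> str:
    """Frequency tiers (most frequent first), alphabetical inside, "$" between."""
    counts = Counter(w for api, _ in parse_calls(listing) for w in tokenize(api))
    tiers: dict[int, list[str]] = {}
    for word, n in counts.items():
        tiers.setdefault(n, []).append(word)
    return "$".join("".join(sorted(tiers[n])) for n in sorted(tiers, reverse=True))


if __name__ == "__main__":
    for name, listing in (("009E369C", LISTING_009E369C),
                          ("009E4994", LISTING_009E4994),
                          ("00A18D5A", LISTING_00A18D5A)):
        print(name, api_id(listing))
```

Feeding a whole function block (Strings, Memory Dump Source and the hash lines included) is safe, because only lines of the form Name.MODULE are taken as calls. The key is deliberately lossy: it discards argument values, call order and the ref addresses, which is why two functions with the same mix of USER32 calls collide on it even when their control flow differs.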
APIs
  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00A18D5A
• GetFocus.USER32 ref: 00A18D6A
• GetDlgCtrlID.USER32(00000000), ref: 00A18D75
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00A18E1D
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00A18ECF
• GetMenuItemCount.USER32(?), ref: 00A18EEC
• GetMenuItemID.USER32(?,00000000), ref: 00A18EFC
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00A18F2E
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00A18F70
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00A18FA1
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
• String ID: 0
• API String ID: 1026556194-4108050209
• Opcode ID: a14e6c117863c5c658cfb3fa21ec1c2880d7cfb290d70683c68b1ce7ac9e6b74
• Instruction ID: 197002c9c7f7b3f410161977bbb97d72c60eeccec577ed89b7e0db0a45f20c1f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a14e6c117863c5c658cfb3fa21ec1c2880d7cfb290d70683c68b1ce7ac9e6b74
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8581AE715083019FDB10CF24D884AEBBBEAFB88764F14491DF99597291DB38D982CBA1
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 009EDC20
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 009EDC46
• _wcslen.LIBCMT ref: 009EDC50
• _wcsstr.LIBVCRUNTIME ref: 009EDCA0
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 009EDCBC
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
• Opcode ID: e3616c9580cdb3d874eb7bb04c97abefcc898ef48599321fa014aea9eacef893
• Instruction ID: 41c82b6582395bf038380cf661a63544d374b8081d10ccf499e3effb701d7c99
• Opcode Fuzzy Hash: e3616c9580cdb3d874eb7bb04c97abefcc898ef48599321fa014aea9eacef893
• Instruction Fuzzy Hash: 5C412172A442107ADB01ABA59C07FFF77ACEF82760F140469F900E61C2EB749E4187A5
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00A0CC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00A0CC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00A0CD48
  • Part of subcall function 00A0CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00A0CCAA
  • Part of subcall function 00A0CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00A0CCBD
  • Part of subcall function 00A0CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00A0CCCF
  • Part of subcall function 00A0CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00A0CD05
  • Part of subcall function 00A0CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00A0CD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00A0CCF3
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
• Opcode ID: fa36f555cef2d3761ad55585947289892d9ccbdf7a30991991d1c78f30ec6858
• Instruction ID: 09200a48c1ae507b35f717ebc0c67e0cefd250f035aa41f6a8fa759bc9503a03
• Opcode Fuzzy Hash: fa36f555cef2d3761ad55585947289892d9ccbdf7a30991991d1c78f30ec6858
• Instruction Fuzzy Hash: 6931607194112DBBD720CB94EC88EFFBB7CEF45760F004265A905E3190D7349E469AA0
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 009F3D40
• _wcslen.LIBCMT ref: 009F3D6D
• CreateDirectoryW.KERNEL32(?,00000000), ref: 009F3D9D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 009F3DBE
• RemoveDirectoryW.KERNEL32(?), ref: 009F3DCE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 009F3E55
• CloseHandle.KERNEL32(00000000), ref: 009F3E60
• CloseHandle.KERNEL32(00000000), ref: 009F3E6B
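The raw arguments in the call list above are what an analyst decodes first: 40000000, 00000003 and 02200000 on CreateFileW, and the control code 000900A4 on DeviceIoControl. The Python below is an added example, not part of the Joe Sandbox report or of the sample; it parses lines in the format this listing uses, decodes those arguments from Windows SDK header values (winnt.h, fileapi.h, winioctl.h), and flags the open-directory-then-FSCTL_SET_REPARSE_POINT shape. The FSCTL name table is a small subset covering reparse points only, and the embedded input is the call lines above copied verbatim.

```python
"""Decode the raw Win32 constants in a sandbox API-call listing.

Added example for this report, not Joe Sandbox output. Constant values come
from the Windows SDK headers; FSCTL_NAMES is a deliberately small subset.
"""
import re

# CTL_CODE(DeviceType, Function, Method, Access) =
#   (DeviceType << 16) | (Access << 14) | (Function << 2) | Method
DEVICE_TYPES = {0x0009: "FILE_DEVICE_FILE_SYSTEM"}
METHODS = {0: "METHOD_BUFFERED", 1: "METHOD_IN_DIRECT",
           2: "METHOD_OUT_DIRECT", 3: "METHOD_NEITHER"}
ACCESS = {0: "FILE_ANY_ACCESS", 1: "FILE_READ_ACCESS",
          2: "FILE_WRITE_ACCESS", 3: "FILE_READ_ACCESS|FILE_WRITE_ACCESS"}
# Function numbers on FILE_DEVICE_FILE_SYSTEM with METHOD_BUFFERED (subset).
FSCTL_NAMES = {41: "FSCTL_SET_REPARSE_POINT", 42: "FSCTL_GET_REPARSE_POINT",
               43: "FSCTL_DELETE_REPARSE_POINT"}

GENERIC_ACCESS = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
                  0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
SHARE_MODE = {0x1: "FILE_SHARE_READ", 0x2: "FILE_SHARE_WRITE", 0x4: "FILE_SHARE_DELETE"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING",
               4: "OPEN_ALWAYS", 5: "TRUNCATE_EXISTING"}
FILE_FLAGS = {0x00200000: "FILE_FLAG_OPEN_REPARSE_POINT",
              0x02000000: "FILE_FLAG_BACKUP_SEMANTICS",
              0x04000000: "FILE_FLAG_DELETE_ON_CLOSE",
              0x40000000: "FILE_FLAG_OVERLAPPED",
              0x80000000: "FILE_FLAG_WRITE_THROUGH"}

# Sample input: the call lines from the report, copied verbatim.
LISTING = """
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 009F3D40
• CreateDirectoryW.KERNEL32(?,00000000), ref: 009F3D9D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 009F3DBE
• RemoveDirectoryW.KERNEL32(?), ref: 009F3DCE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 009F3E55
• CloseHandle.KERNEL32(00000000), ref: 009F3E60
"""

CALL_RE = re.compile(r"^(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\), ref: (?P<ref>[0-9A-Fa-f]+)$")


def parse_listing(text):
    """Return [(api, args, ref)]; a '?' (unknown at analysis time) becomes None."""
    calls = []
    for line in text.strip().splitlines():
        m = CALL_RE.match(line.strip().lstrip("•").strip())
        if not m:
            continue
        args = [None if a == "?" else int(a, 16) for a in m["args"].split(",")]
        calls.append((m["api"], args, m["ref"]))
    return calls


def decode_flags(value, table):
    """Names of the set bits in ascending order; unknown bits are kept as hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    known = 0
    for bit in table:
        known |= bit
    if value & ~known:
        names.append(hex(value & ~known))
    return names


def decode_ctl_code(code):
    """Split a DeviceIoControl code into its CTL_CODE fields."""
    device, access = (code >> 16) & 0xFFFF, (code >> 14) & 0x3
    function, method = (code >> 2) & 0xFFF, code & 0x3
    name = FSCTL_NAMES.get(function) if (device == 0x0009 and method == 0) else None
    return {"device": DEVICE_TYPES.get(device, hex(device)), "access": ACCESS[access],
            "function": function, "method": METHODS[method], "name": name}


def decode_create_file(desired_access, share_mode, disposition, flags_and_attrs):
    """Decode the four numeric CreateFileW arguments that matter for triage."""
    return {"access": decode_flags(desired_access, GENERIC_ACCESS),
            "share": decode_flags(share_mode, SHARE_MODE) or ["none (exclusive)"],
            "disposition": DISPOSITION.get(disposition, hex(disposition)),
            "flags": decode_flags(flags_and_attrs, FILE_FLAGS)}


def annotate(calls):
    """Map call address -> decoded arguments for the calls we know how to read."""
    notes = {}
    for api, args, ref in calls:
        if api == "CreateFileW" and None not in (args[1], args[2], args[4], args[5]):
            notes[ref] = decode_create_file(args[1], args[2], args[4], args[5])
        elif api == "DeviceIoControl" and args[1] is not None:
            notes[ref] = decode_ctl_code(args[1])
    return notes


def looks_like_reparse_point_setter(calls):
    """True when a directory handle is opened with FILE_FLAG_OPEN_REPARSE_POINT |
    FILE_FLAG_BACKUP_SEMANTICS and FSCTL_SET_REPARSE_POINT follows: the shape of
    a junction / directory-symlink creation routine."""
    opened_dir = False
    for api, args, _ in calls:
        if api == "CreateFileW" and args[5] is not None and args[5] & 0x02200000 == 0x02200000:
            opened_dir = True
        elif api == "DeviceIoControl" and opened_dir and args[1] == 0x000900A4:
            return True
    return False


if __name__ == "__main__":
    parsed = parse_listing(LISTING)
    for ref, note in annotate(parsed).items():
        print(ref, note)
    print("sets a reparse point on a directory it opened:", looks_like_reparse_point_setter(parsed))
```

Decoded, the CreateFileW at 009F3DBE opens an existing path for GENERIC_WRITE with FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT (the only way to get a writable handle to a directory itself), and 000900A4 is FSCTL_SET_REPARSE_POINT. Together with CreateDirectoryW before and RemoveDirectoryW on the failure path, that is the Win32 sequence for creating a junction or directory symbolic link. The listing does not show the reparse target, so whether the link is benign or abusive cannot be read from this block alone.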
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3b5bb0d1b18dfdd2b203b8fd284ee1b3517eb4ebbdd3462030a43f69242c3b62
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4f963ac921f70756502b45fb12b67b205c3c2b0c1134f0c336227e79dcf82015
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b5bb0d1b18dfdd2b203b8fd284ee1b3517eb4ebbdd3462030a43f69242c3b62
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FC31CF72940219ABDB20DBA0DC49FEF77BCEF89750F1080A5FA09D60A0EB7497458B64
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • timeGetTime.WINMM ref: 009EE6B4
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0099E551: timeGetTime.WINMM(?,?,009EE6D4), ref: 0099E555
                                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(0000000A), ref: 009EE6E1
                                                                                                                                                                                                                                                                                                                                                                              • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 009EE705
                                                                                                                                                                                                                                                                                                                                                                              • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 009EE727
                                                                                                                                                                                                                                                                                                                                                                              • SetActiveWindow.USER32 ref: 009EE746
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 009EE754
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 009EE773
                                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(000000FA), ref: 009EE77E
                                                                                                                                                                                                                                                                                                                                                                              • IsWindow.USER32 ref: 009EE78A
                                                                                                                                                                                                                                                                                                                                                                              • EndDialog.USER32(00000000), ref: 009EE79B
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                                                                                              • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4b1e03946bb45c43720d473f67c9f6c1df30f699a61b5cd0b5ffc6d15a3ce8fe
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4eaff46b1ed4e9f13dfe662e866520048c55eeee75e634979631e1d819b6d0c7
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4b1e03946bb45c43720d473f67c9f6c1df30f699a61b5cd0b5ffc6d15a3ce8fe
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A12196B0280385AFEB02DFE1EC89B753B6EF75576AF105434F415825A1DB769C028B15
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                                                                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 009EEA5D
                                                                                                                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 009EEA73
                                                                                                                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 009EEA84
                                                                                                                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 009EEA96
                                                                                                                                                                                                                                                                                                                                                                              • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 009EEAA7
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: c3146e287ca4018259a278094615055f4312c80f4be5afce83f8ea235c8a129f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: db2026191a91c121b60de6150c08a35b8678bb04d3415c5f4e391984275b7b74
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3146e287ca4018259a278094615055f4312c80f4be5afce83f8ea235c8a129f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0115135A9026979D721B7A2DC4AEFF6A7CFBD2F00F440829B411A21D1EAB00E05C6B1
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 009E5CE2
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 009E5CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 009E5D59
• GetDlgItem.USER32(?,00000002), ref: 009E5D69
• GetWindowRect.USER32(00000000,?), ref: 009E5D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 009E5DCF
• GetDlgItem.USER32(?,000003E9), ref: 009E5DDD
• GetWindowRect.USER32(00000000,?), ref: 009E5DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 009E5E31
• GetDlgItem.USER32(?,000003EA), ref: 009E5E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 009E5E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 009E5E67
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: f6d8c478b88f8c11b01f32e1ee66d094d3974110102987a9f16a0a33e34a5c9d
• Instruction ID: 43a9ee7e8bb19f313d2f21c8292ab9fe8956b7242fd428e94b68206a009e59e5
• Opcode Fuzzy Hash: f6d8c478b88f8c11b01f32e1ee66d094d3974110102987a9f16a0a33e34a5c9d
• Instruction Fuzzy Hash: 4D513F70B40605AFDF19CFA9CD89AAEBBB9FB48314F158129F515E7290D7709E01CB50
APIs
  • Part of subcall function 00998F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00998BE8,?,00000000,?,?,?,?,00998BBA,00000000,?), ref: 00998FC5
• DestroyWindow.USER32(?), ref: 00998C81
• KillTimer.USER32(00000000,?,?,?,?,00998BBA,00000000,?), ref: 00998D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 009D6973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00998BBA,00000000,?), ref: 009D69A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00998BBA,00000000,?), ref: 009D69B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00998BBA,00000000), ref: 009D69D4
• DeleteObject.GDI32(00000000), ref: 009D69E6
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: 29c58d553560ba4ef579a6560a0f93492ada902c3360fdaa2657cde9da7f5f34
• Instruction ID: 94d8658e2edee96434ca6418f57cc028799c91799d93891b761d5bf4cf7b1ca6
• Opcode Fuzzy Hash: 29c58d553560ba4ef579a6560a0f93492ada902c3360fdaa2657cde9da7f5f34
• Instruction Fuzzy Hash: BF618C30542700DFCF21DF68D958B6677F5FB46322F14891DE0829BAA0CB75AD82CB90
APIs
  • Part of subcall function 00999944: GetWindowLongW.USER32(?,000000EB), ref: 00999952
• GetSysColor.USER32(0000000F), ref: 00999862
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: 568aedb42fd55e67d02bcc3c8abb1a81a81f19fcd36d7ac1b5b70943f8e7ce73
• Instruction ID: d8d1cb61fc482593b7fa11613809798e24e5af32cec93454e98f0e1e6c16a6c1
• Opcode Fuzzy Hash: 568aedb42fd55e67d02bcc3c8abb1a81a81f19fcd36d7ac1b5b70943f8e7ce73
• Instruction Fuzzy Hash: 9641A231184644AFDF209F7D9C84BB97BA9EB06331F14861DF9A2872E1E7319C42DB11
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,009CF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 009E9717
• LoadStringW.USER32(00000000,?,009CF7F8,00000001), ref: 009E9720
  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,009CF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 009E9742
• LoadStringW.USER32(00000000,?,009CF7F8,00000001), ref: 009E9745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 009E9866
Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 747408836-2268648507
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e83e947701c053a1d6a02ab7f0ac245fcbc213cef0bf39edccd8d5e9996dc979
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b877b8417d437cba88526e2232883d1efcbcc70a7341fb3742da76f933e25d4f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e83e947701c053a1d6a02ab7f0ac245fcbc213cef0bf39edccd8d5e9996dc979
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 61414A72800219AACF05FBE0DE86FEEB378AF95740F544425F60672192EB356F49CB61
APIs
  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 009E07A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 009E07BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 009E07DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 009E0804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 009E082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 009E0837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 009E083C
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
• Opcode ID: ce0dbdef4aefe04e71b1925b7021613f8559c0586b249f485c5cc90c90d919ff
• Instruction ID: 2289581e63af4284ae35537f5a53853afa039205c943463dc52f29400e720fbe
• Opcode Fuzzy Hash: ce0dbdef4aefe04e71b1925b7021613f8559c0586b249f485c5cc90c90d919ff
• Instruction Fuzzy Hash: 2E411672C10229ABDF15EBA4DC85DEDB778FF84750B04812AE901A3261EB759E45CBA0
APIs
• VariantInit.OLEAUT32(?), ref: 00A03C5C
• CoInitialize.OLE32(00000000), ref: 00A03C8A
• CoUninitialize.OLE32 ref: 00A03C94
• _wcslen.LIBCMT ref: 00A03D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 00A03DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00A03ED5
• CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00A03F0E
• CoGetObject.OLE32(?,00000000,00A1FB98,?), ref: 00A03F2D
• SetErrorMode.KERNEL32(00000000), ref: 00A03F40
• SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00A03FC4
• VariantClear.OLEAUT32(?), ref: 00A03FD8
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
• String ID:
• API String ID: 429561992-0
• Opcode ID: b788cc6dc9bc3fb79aa8e92a3c7793ed0a4c23b7b77457bd3e4468a942e756c3
• Instruction ID: c17aae0b99b0c5e701a5d56b200bb1a82bd93c5648605c5969027ceb93b688af
• Opcode Fuzzy Hash: b788cc6dc9bc3fb79aa8e92a3c7793ed0a4c23b7b77457bd3e4468a942e756c3
• Instruction Fuzzy Hash: 04C15772608309AFDB00DF68D88492BB7E9FF89744F04491DF98A9B291D730ED05CB52
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 009F7AF3
                                                                                                                                                                                                                                                                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 009F7B8F
                                                                                                                                                                                                                                                                                                                                                                              • SHGetDesktopFolder.SHELL32(?), ref: 009F7BA3
                                                                                                                                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(00A1FD08,00000000,00000001,00A46E6C,?), ref: 009F7BEF
                                                                                                                                                                                                                                                                                                                                                                              • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 009F7C74
                                                                                                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(?,?), ref: 009F7CCC
                                                                                                                                                                                                                                                                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 009F7D57
                                                                                                                                                                                                                                                                                                                                                                              • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 009F7D7A
                                                                                                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 009F7D81
                                                                                                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 009F7DD6
                                                                                                                                                                                                                                                                                                                                                                              • CoUninitialize.OLE32 ref: 009F7DDC
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 13c40dda953b9092f9af63d1f768fcd055bb464b3644987028c569c9491d5a87
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 390d12ba7295807c54e6ff43e2258a7a548e0dc3e61cb15c5d30c25783892004
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13c40dda953b9092f9af63d1f768fcd055bb464b3644987028c569c9491d5a87
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7C11A75A04109AFCB14DFA4C888DAEBBF9FF48314B148499F9199B361D731EE41CB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00A15504
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A15515
                                                                                                                                                                                                                                                                                                                                                                              • CharNextW.USER32(00000158), ref: 00A15544
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00A15585
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00A1559B
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A155AC
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$CharNext
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1350042424-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 46ee4fc730b3a3bb779feda293caa44433a1b429c75ff4b0b4b78541cfc35ae6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: fddbe86be4a564d83cfad50fad892a660e80813514180fe1e9b1f0bede1754cc
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46ee4fc730b3a3bb779feda293caa44433a1b429c75ff4b0b4b78541cfc35ae6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FC616E35D00608EFDF10DFA4CC84AFE7BBAEB89721F108145F525A6291D7748AC1DB61
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 009DFAAF
                                                                                                                                                                                                                                                                                                                                                                              • SafeArrayAllocData.OLEAUT32(?), ref: 009DFB08
                                                                                                                                                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 009DFB1A
                                                                                                                                                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32(?,?), ref: 009DFB3A
                                                                                                                                                                                                                                                                                                                                                                              • VariantCopy.OLEAUT32(?,?), ref: 009DFB8D
                                                                                                                                                                                                                                                                                                                                                                              • SafeArrayUnaccessData.OLEAUT32(?), ref: 009DFBA1
                                                                                                                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 009DFBB6
                                                                                                                                                                                                                                                                                                                                                                              • SafeArrayDestroyData.OLEAUT32(?), ref: 009DFBC3
                                                                                                                                                                                                                                                                                                                                                                              • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 009DFBCC
                                                                                                                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 009DFBDE
                                                                                                                                                                                                                                                                                                                                                                              • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 009DFBE9
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: 1173c39d38197ec49e25e693f7b84974861fe9d3d8230a79a542ff8eeca6c150
• Instruction ID: 540fcdd8f7b0ee8c31a69b6a4fe30a1eb97c559035c064be39bdc9285df35abd
• Opcode Fuzzy Hash: 1173c39d38197ec49e25e693f7b84974861fe9d3d8230a79a542ff8eeca6c150
• Instruction Fuzzy Hash: 92418234A402199FCB00DFA4D8699EDBBB9EF48354F00C06AE946A7361D734A946CBA0
APIs
• GetKeyboardState.USER32(?), ref: 009E9CA1
• GetAsyncKeyState.USER32(000000A0), ref: 009E9D22
• GetKeyState.USER32(000000A0), ref: 009E9D3D
• GetAsyncKeyState.USER32(000000A1), ref: 009E9D57
• GetKeyState.USER32(000000A1), ref: 009E9D6C
• GetAsyncKeyState.USER32(00000011), ref: 009E9D84
• GetKeyState.USER32(00000011), ref: 009E9D96
• GetAsyncKeyState.USER32(00000012), ref: 009E9DAE
• GetKeyState.USER32(00000012), ref: 009E9DC0
• GetAsyncKeyState.USER32(0000005B), ref: 009E9DD8
• GetKeyState.USER32(0000005B), ref: 009E9DEA
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: b13ca49ce3e08dd3eae63caf0cfd25443ce94bf71743c04508f3749c72982679
• Instruction ID: c68b190ea5fcb9eb45a6b8218c152d89eff3dc8db348edf9e5e8e3bd646d95d6
• Opcode Fuzzy Hash: b13ca49ce3e08dd3eae63caf0cfd25443ce94bf71743c04508f3749c72982679
• Instruction Fuzzy Hash: EB41F8345047D96DFF3297A288043F5BEE96F12354F08805EDAC65A5C2DBA49DC8C7A2
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 00A005BC
• inet_addr.WSOCK32(?), ref: 00A0061C
• gethostbyname.WSOCK32(?), ref: 00A00628
• IcmpCreateFile.IPHLPAPI ref: 00A00636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00A006C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00A006E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 00A007B9
• WSACleanup.WSOCK32 ref: 00A007BF
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
• String ID: Ping
• API String ID: 1028309954-2246546115
• Opcode ID: bf40c2ec2c35d079ebaff43cf40aaf29f2d3c0173ef7b30a20a21f8e1f026a54
• Instruction ID: 5e9dc7fcf59806ff07438a112f1f6f509ca498df5c1fc3b529be1be2b915101c
• Opcode Fuzzy Hash: bf40c2ec2c35d079ebaff43cf40aaf29f2d3c0173ef7b30a20a21f8e1f026a54
• Instruction Fuzzy Hash: B591CF34608601AFD720DF15E888F1ABBE0AF89318F1485A9F4698B7A2C775FD45CF91
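The two records above (the key-state routine at 009E9CA1-009E9DEA and the echo routine at 00A005BC-00A007BF) list their arguments as raw hexadecimal, which is where the triage value sits: 0xA0/0xA1/0x11/0x12/0x5B are the virtual-key codes of the modifier keys, and the IcmpSendEcho call carries a 5-byte payload, a 0x29-byte reply buffer and a 0xFA0 ms timeout. The following Python is an added example, not part of the Joe Sandbox report or of Joe Sandbox itself: it parses the report's "APIs" lines, decodes those arguments, and classifies each record. The sample input is the two API lists copied verbatim from above; the VK names and the IcmpSendEcho parameter order come from the Win32 documentation, and the 28-byte sizeof(ICMP_ECHO_REPLY) is an assumption that holds for a 32-bit process, which the report's addresses indicate this is.

```python
"""Decode the 'APIs' lines of a Joe Sandbox function record.

Added example (not part of the report or of Joe Sandbox). Parses lines like
    GetAsyncKeyState.USER32(000000A0), ref: 009E9D22
and annotates arguments that matter for triage: virtual-key codes given to the
key-state APIs and the size/timeout parameters of IcmpSendEcho.
Assumption: 32-bit process, so sizeof(ICMP_ECHO_REPLY) == 28.
"""
import re

API_LINE = re.compile(
    r"^\s*•?\s*(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
            0x5B: "VK_LWIN", 0x5C: "VK_RWIN", 0xA0: "VK_LSHIFT",
            0xA1: "VK_RSHIFT", 0xA2: "VK_LCONTROL", 0xA3: "VK_RCONTROL",
            0xA4: "VK_LMENU", 0xA5: "VK_RMENU"}
MODIFIER_KEYS = set(VK_NAMES)
KEYSTATE_APIS = {"GetAsyncKeyState", "GetKeyState"}

# IcmpSendEcho parameter order per the iphlpapi documentation
ICMP_ECHO_PARAMS = ("IcmpHandle", "DestinationAddress", "RequestData",
                    "RequestSize", "RequestOptions", "ReplyBuffer",
                    "ReplySize", "Timeout")
SIZEOF_ICMP_ECHO_REPLY_X86 = 28  # assumption: 32-bit struct layout


def parse_api_line(line):
    """Return {'name','module','args','ref'} or None; '?' arguments become None."""
    m = API_LINE.match(line)
    if not m:
        return None
    args = []
    if m.group("args"):
        for tok in m.group("args").split(","):
            tok = tok.strip()
            args.append(None if tok == "?" else int(tok, 16))
    return {"name": m.group("name"), "module": m.group("module"),
            "args": args, "ref": int(m.group("ref"), 16)}


def annotate(entry):
    """Turn one parsed call into a one-line human-readable annotation."""
    name, args = entry["name"], entry["args"]
    if name in KEYSTATE_APIS and args and args[0] is not None:
        vk = args[0]
        return f"{name} polls {VK_NAMES.get(vk, 'VK_0x%02X' % vk)}"
    if name == "IcmpSendEcho" and len(args) == len(ICMP_ECHO_PARAMS):
        p = dict(zip(ICMP_ECHO_PARAMS, args))
        # Documented minimum reply buffer: sizeof(ICMP_ECHO_REPLY) + RequestSize + 8
        minimum = SIZEOF_ICMP_ECHO_REPLY_X86 + p["RequestSize"] + 8
        sized = "minimum-sized" if p["ReplySize"] == minimum else "custom-sized"
        return (f"IcmpSendEcho: {p['RequestSize']}-byte payload, "
                f"{sized} reply buffer ({p['ReplySize']} bytes), "
                f"timeout {p['Timeout']} ms")
    if name == "WSAStartup" and args and args[0] is not None:
        v = args[0]  # MAKEWORD(major, minor): major in the low byte
        return f"WSAStartup requests Winsock {v & 0xFF}.{v >> 8}"
    return f"{name} ({entry['module']})"


def summarize(lines):
    """Classify a record's API list and annotate every call in it."""
    entries = [e for e in map(parse_api_line, lines) if e]
    names = {e["name"] for e in entries}
    polled = sorted({e["args"][0] for e in entries if e["name"] in KEYSTATE_APIS
                     and e["args"] and e["args"][0] is not None})
    if polled and set(polled) <= MODIFIER_KEYS:
        verdict = "modifier-key poll"   # hotkey-style state check, not a sweep
    elif polled:
        verdict = "key sweep"           # non-modifier keys read: look closer
    elif "IcmpSendEcho" in names:
        verdict = "icmp-echo"
    else:
        verdict = "other"
    return {"verdict": verdict,
            "polled_keys": [VK_NAMES.get(k, "VK_0x%02X" % k) for k in polled],
            "calls": [annotate(e) for e in entries]}


# Constructed input: the two 'APIs' lists from the report records above, verbatim.
KEYSTATE_RECORD = """\
• GetKeyboardState.USER32(?), ref: 009E9CA1
• GetAsyncKeyState.USER32(000000A0), ref: 009E9D22
• GetKeyState.USER32(000000A0), ref: 009E9D3D
• GetAsyncKeyState.USER32(000000A1), ref: 009E9D57
• GetKeyState.USER32(000000A1), ref: 009E9D6C
• GetAsyncKeyState.USER32(00000011), ref: 009E9D84
• GetKeyState.USER32(00000011), ref: 009E9D96
• GetAsyncKeyState.USER32(00000012), ref: 009E9DAE
• GetKeyState.USER32(00000012), ref: 009E9DC0
• GetAsyncKeyState.USER32(0000005B), ref: 009E9DD8
• GetKeyState.USER32(0000005B), ref: 009E9DEA
""".splitlines()

ICMP_RECORD = """\
• WSAStartup.WSOCK32(00000101,?), ref: 00A005BC
• inet_addr.WSOCK32(?), ref: 00A0061C
• gethostbyname.WSOCK32(?), ref: 00A00628
• IcmpCreateFile.IPHLPAPI ref: 00A00636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00A006C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00A006E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 00A007B9
• WSACleanup.WSOCK32 ref: 00A007BF
""".splitlines()

if __name__ == "__main__":
    for rec in (KEYSTATE_RECORD, ICMP_RECORD):
        s = summarize(rec)
        print(s["verdict"], s["polled_keys"], *s["calls"], sep="\n  ")
```

Run stand-alone it reports the first record as a "modifier-key poll" of VK_CONTROL, VK_MENU, VK_LWIN, VK_LSHIFT and VK_RSHIFT, which is the set a hotkey or modifier-state check reads rather than the printable range a keystroke logger sweeps; the report flags the binary as a likely compiled AutoIt script, and these USER32 calls are the runtime's, not evidence of logging on their own. The second record decodes to a Winsock 1.1 startup, name resolution, and an echo request with a 5-byte payload, a 41-byte reply buffer (28 + 5 + 8, exactly the documented minimum) and a 4000 ms timeout, matching the "Ping" string attached to the record. The `verdict` of "key sweep" is the one worth chasing in other records: it fires when any non-modifier key is polled.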
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: _wcslen$BuffCharLower
• String ID: cdecl$none$stdcall$winapi
• API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 152c03bdc409207acf6958af47773b0fea71b8fedafacfdc43f92e59362b10e8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2c887a9f4359ae9c4d08156323146892a3a4234ed70ad14d89e826a76e1695f5
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 152c03bdc409207acf6958af47773b0fea71b8fedafacfdc43f92e59362b10e8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2751C131A0051A9BCF14DF68D9409BEB7A6BFA5720B214229E8A6E73C4DB38DD40C794
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CoInitialize.OLE32 ref: 00A03774
                                                                                                                                                                                                                                                                                                                                                                              • CoUninitialize.OLE32 ref: 00A0377F
                                                                                                                                                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(?,00000000,00000017,00A1FB78,?), ref: 00A037D9
                                                                                                                                                                                                                                                                                                                                                                              • IIDFromString.OLE32(?,?), ref: 00A0384C
                                                                                                                                                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00A038E4
                                                                                                                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00A03936
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 68632ae9f57e314b87caf3e95e89c8a3d7ed292c50bec3c7b59af71e2538aa59
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ed8cfc3e1234fdf1d8b802208e8b42d7c63c21ad448d82c23ed4abc4b147e309
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68632ae9f57e314b87caf3e95e89c8a3d7ed292c50bec3c7b59af71e2538aa59
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1761CF72608305AFDB11DF54D888F6ABBE8FF88710F104849F9859B291D770EE48CB92
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetLocalTime.KERNEL32(?), ref: 009F8257
                                                                                                                                                                                                                                                                                                                                                                              • SystemTimeToFileTime.KERNEL32(?,?), ref: 009F8267
                                                                                                                                                                                                                                                                                                                                                                              • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 009F8273
                                                                                                                                                                                                                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 009F8310
                                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 009F8324
                                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 009F8356
                                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 009F838C
                                                                                                                                                                                                                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 009F8395
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                                                                                                                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1464919966-438819550
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 761b1e5316684d30f62eea72f55c2fbe523b6eb04a601e46fb821829132a9c68
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 61f850be3772329072a25edf183e4a1bf34625926c398fdaaf2e10422500f0db
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 761b1e5316684d30f62eea72f55c2fbe523b6eb04a601e46fb821829132a9c68
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE615BB25083499FCB10EF64C840AAFB3E8FF89714F04891DFA9997251DB35E945CB92
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 009F33CF
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                                                                                                                                                                                                                                                                                                                              • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 009F33F0
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4099089115-3080491070
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f9f2279c75ce2c217a6d604a827ff0f440d4f6b28f52fa80fafc3226ea275aa6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9bb19e9ed142933a1e9474634171a07db2a39b520d3b2279cd86eaf359d83233
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f9f2279c75ce2c217a6d604a827ff0f440d4f6b28f52fa80fafc3226ea275aa6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76518A3190020ABADF15EBE0CD56FFEB378AF94340F248465F109721A2EB252F59CB61
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                              • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 862d882d4c1fd897d2ad7dd969194d5a1402dfbb436d95d66577657a6ed14b0c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3a4ab3a6adb5e2f3e12b99c5cf7fe06ab766c1d8a93a3b13d5ee66bc636452ad
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 862d882d4c1fd897d2ad7dd969194d5a1402dfbb436d95d66577657a6ed14b0c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E841E732A000679ACB216F7E88905BFB7A9BBE1F74B244529E521DB284E735CD81C790
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 009F53A0
                                                                                                                                                                                                                                                                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 009F5416
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 009F5420
                                                                                                                                                                                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000,READY), ref: 009F54A7
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                                                                                                                                              • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4194297153-14809454
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e953a4c82f35a80aaf4b2f5bfdeacec05f96876ea107936482bd7dde76c2cd3c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a54458714496d86bc422171cad3241f279cfef3ccdcb4248c23ecf283fff4f5b
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e953a4c82f35a80aaf4b2f5bfdeacec05f96876ea107936482bd7dde76c2cd3c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC31B075A006099FC710DF68C484BFABBB8EF45309F198069E605CB3A2D731DD82CBA1
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CreateMenu.USER32 ref: 00A13C79
                                                                                                                                                                                                                                                                                                                                                                              • SetMenu.USER32(?,00000000), ref: 00A13C88
                                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A13D10
                                                                                                                                                                                                                                                                                                                                                                              • IsMenu.USER32(?), ref: 00A13D24
                                                                                                                                                                                                                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 00A13D2E
                                                                                                                                                                                                                                                                                                                                                                              • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00A13D5B
                                                                                                                                                                                                                                                                                                                                                                              • DrawMenuBar.USER32 ref: 00A13D63
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
• Opcode ID: d373823475363c3ce1fba9ac1fa1dba09545d4f916ad27cd759a979428d20f70
• Instruction ID: 9955965ab5080b1c3610fd4f9097749232e3c8e58bd8d9d796e3cde478085d9e
• Opcode Fuzzy Hash: d373823475363c3ce1fba9ac1fa1dba09545d4f916ad27cd759a979428d20f70
• Instruction Fuzzy Hash: 3D418A75A01209EFDF14CFA4E844BEA7BB6FF49364F144428F94697360D730AA11CB90
APIs
  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
  • Part of subcall function 009E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 009E3CCA
• SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 009E1F64
• GetDlgCtrlID.USER32 ref: 009E1F6F
• GetParent.USER32 ref: 009E1F8B
• SendMessageW.USER32(00000000,?,00000111,?), ref: 009E1F8E
• GetDlgCtrlID.USER32(?), ref: 009E1F97
• GetParent.USER32(?), ref: 009E1FAB
• SendMessageW.USER32(00000000,?,00000111,?), ref: 009E1FAE
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: MessageSend$CtrlParent$ClassName_wcslen
• String ID: ComboBox$ListBox
• API String ID: 711023334-1403004172
• Opcode ID: c9f9f3f5530cd89ad90f5c45e6b029374da8af4c6f0cdf432195d56df4d05f98
• Instruction ID: a26bad189a61e9c4304f60895d57eeffb9e38f1ad4f4b4b3d4fd96341692d636
• Opcode Fuzzy Hash: c9f9f3f5530cd89ad90f5c45e6b029374da8af4c6f0cdf432195d56df4d05f98
• Instruction Fuzzy Hash: B621FF74900214BFCF01EFA0CC84EFEBBB9EF45310B108505F961A32A1DB398949CBA0
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00A13A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00A13AA0
• GetWindowLongW.USER32(?,000000F0), ref: 00A13AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00A13AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00A13B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00A13BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00A13BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00A13BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00A13BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00A13C13
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: b8c8beca91a4c509a155a3fab42b2d19b8a2c60cc9718ba9046835a867ced0b4
• Instruction ID: 1d8fb2ddaddfb223e9473c8413334a48d112e03fbbb59de3cf387db68bb4d18a
• Opcode Fuzzy Hash: b8c8beca91a4c509a155a3fab42b2d19b8a2c60cc9718ba9046835a867ced0b4
• Instruction Fuzzy Hash: E6617A75900248EFDB10DFA8CC81EEE77B8EB09710F104199FA15EB2A1D774AE86DB50
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009B2C94
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000), ref: 009B29DE
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009B29C8: GetLastError.KERNEL32(00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000,00000000), ref: 009B29F0
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009B2CA0
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009B2CAB
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009B2CB6
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009B2CC1
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009B2CCC
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009B2CD7
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009B2CE2
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009B2CED
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009B2CFB
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 009F7FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 009F7FC1
• GetFileAttributesW.KERNEL32(?), ref: 009F7FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 009F8005
• SetCurrentDirectoryW.KERNEL32(?), ref: 009F8017
• SetCurrentDirectoryW.KERNEL32(?), ref: 009F8060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 009F80B0
Strings
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00985C7A
  • Part of subcall function 00985D0A: GetClientRect.USER32(?,?), ref: 00985D30
  • Part of subcall function 00985D0A: GetWindowRect.USER32(?,?), ref: 00985D71
  • Part of subcall function 00985D0A: ScreenToClient.USER32(?,?), ref: 00985D99
• GetDC.USER32 ref: 009C46F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 009C4708
• SelectObject.GDI32(00000000,00000000), ref: 009C4716
• SelectObject.GDI32(00000000,00000000), ref: 009C472B
• ReleaseDC.USER32(?,00000000), ref: 009C4733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 009C47C4
Strings
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 009F35E4
  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
• LoadStringW.USER32(00A52390,?,00000FFF,?), ref: 009F360A
Strings
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: LoadString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4099089115-2391861430
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5e31bbe4c355802323f733320a87240b82ee4c84831d069d4d26e335e96cb9c8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f8c6f080c757e25164ab4cc444994bccf343113182004e112f0d5f05aee3e27c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e31bbe4c355802323f733320a87240b82ee4c84831d069d4d26e335e96cb9c8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D0514B7180020ABADF15FBA0CC46FFDBB78AF94350F148125F205722A1EB351B99DBA1
APIs
  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
  • Part of subcall function 0099912D: GetCursorPos.USER32(?), ref: 00999141
  • Part of subcall function 0099912D: ScreenToClient.USER32(00000000,?), ref: 0099915E
  • Part of subcall function 0099912D: GetAsyncKeyState.USER32(00000001), ref: 00999183
  • Part of subcall function 0099912D: GetAsyncKeyState.USER32(00000002), ref: 0099919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00A18B6B
• ImageList_EndDrag.COMCTL32 ref: 00A18B71
• ReleaseCapture.USER32 ref: 00A18B77
• SetWindowTextW.USER32(?,00000000), ref: 00A18C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00A18C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00A18CFF
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID
• API String ID: 1924731296-2107944366
• Opcode ID: 45bb3cbdf4b1939bf423cc710057e2020b6befaed5388913c31692567b29a981
• Instruction ID: 2d881630fc7a69e56e48b28a6200871815c12d583fc6bd8d40891724fc2f82eb
• Opcode Fuzzy Hash: 45bb3cbdf4b1939bf423cc710057e2020b6befaed5388913c31692567b29a981
• Instruction Fuzzy Hash: AE518970104300AFD700EF64DC96FAA77E5FB88715F400A2DF996A72A1CB759944CBA2
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 009FC272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 009FC29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 009FC2CA
• GetLastError.KERNEL32 ref: 009FC322
• SetEvent.KERNEL32(?), ref: 009FC336
• InternetCloseHandle.WININET(00000000), ref: 009FC341
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
• API String ID: 3113390036-3916222277
• Opcode ID: 09ee38b0d90b73c6b6b9588c7cb575a8b25be7451cd5b3a098a1c4ed63428e7b
• Instruction ID: ad5e7aceedb66219e5a07d3a256c01556378cd9c4baa39b2ed1854e4fdaedd13
• Opcode Fuzzy Hash: 09ee38b0d90b73c6b6b9588c7cb575a8b25be7451cd5b3a098a1c4ed63428e7b
• Instruction Fuzzy Hash: 0A319AB160020CAFD721DFA48E88ABB7BFCEB49794B14C51EF546D2240DB74ED059B61
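The function listings in this report repeatedly surface AutoIt runtime strings as call arguments: the interpreter's error-message format `Line %d (File "%s"):`, the GUI macros `@GUI_DRAGFILE` / `@GUI_DROPID`, and the compiled-script resource marker `>>>AUTOIT SCRIPT<<<`. A quick triage check for the same indicators in an arbitrary sample, written here as an added example (not part of the Joe Sandbox report or of the analysed binary), scans a byte blob for those strings in both narrow and UTF-16LE form, since a Unicode build stores resource text wide while format strings may be narrow. The sample input is constructed inline; the `find_autoit_markers` / `is_likely_compiled_autoit` names and the threshold of "marker present" are assumptions of this example, not anything the report defines.

```python
"""Triage check: look for the AutoIt runtime strings seen in the report.

Added example; the marker strings come from the API arguments in the
listings above, everything else (names, sample bytes) is constructed here.
"""
from __future__ import annotations

import sys

# Strings taken verbatim from the call arguments / String IDs in the report.
AUTOIT_MARKERS: dict[str, str] = {
    "script_marker": ">>>AUTOIT SCRIPT<<<",   # compiled-script resource marker
    "error_format": 'Line %d (File "%s"):',   # interpreter runtime error format
    "gui_dragfile": "@GUI_DRAGFILE",          # GUI drag/drop macro name
}


def _encodings(text: str) -> dict[str, bytes]:
    """Both byte forms a W (Unicode) build may carry for one string."""
    return {"ascii": text.encode("ascii"), "utf16le": text.encode("utf-16-le")}


def find_autoit_markers(data: bytes) -> dict[str, list[tuple[str, int]]]:
    """Return {marker_name: [(encoding, offset), ...]} for every hit in data.

    Every occurrence is reported, so a packed stub that carries a second
    copy of the marker shows up as two offsets rather than being hidden.
    """
    hits: dict[str, list[tuple[str, int]]] = {}
    for name, text in AUTOIT_MARKERS.items():
        found: list[tuple[str, int]] = []
        for enc, needle in _encodings(text).items():
            off = data.find(needle)
            while off != -1:
                found.append((enc, off))
                off = data.find(needle, off + 1)
        if found:
            hits[name] = found
    return hits


def is_likely_compiled_autoit(data: bytes) -> bool:
    """Assumed heuristic: the resource marker alone is taken as the signal.

    The error-format and macro strings also appear in the plain AutoIt3.exe
    interpreter, so they corroborate but do not decide on their own.
    """
    return "script_marker" in find_autoit_markers(data)


# Constructed sample: a fake 16-byte header, the marker stored wide, then
# the narrow error-format string. Offsets: marker at 16, error format at 58.
SAMPLE_AUTOIT = (
    b"MZ" + b"\x00" * 14
    + ">>>AUTOIT SCRIPT<<<".encode("utf-16-le")
    + b"\x00" * 4
    + 'Line %d (File "%s"):'.encode("ascii")
)
SAMPLE_CLEAN = b"MZ" + b"\x00" * 100


def main(argv: list[str]) -> int:
    """Scan the file given on the command line, or the constructed sample."""
    data = open(argv[1], "rb").read() if len(argv) > 1 else SAMPLE_AUTOIT
    for name, where in find_autoit_markers(data).items():
        for enc, off in where:
            print(f"{name:14s} {enc:8s} @ 0x{off:x}")
    print("compiled AutoIt:", is_likely_compiled_autoit(data))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with a path to get per-marker offsets, which can be fed straight to a hex viewer to confirm the surrounding resource entry; a hit on the marker alone is the strong signal, the other two strings only raise confidence.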
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,009C3AAF,?,?,Bad directive syntax error,00A1CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 009E98BC
• LoadStringW.USER32(00000000,?,009C3AAF,?), ref: 009E98C3
  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 009E9987
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 858772685-4153970271
APIs
• GetParent.USER32 ref: 009E20AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 009E20C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 009E214D
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• API String ID: 1290815626-3381328864
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00A15186
• ShowWindow.USER32(?,00000000), ref: 00A151C7
• ShowWindow.USER32(?,00000005,?,00000000), ref: 00A151CD
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 00A151D1
  • Part of subcall function 00A16FBA: DeleteObject.GDI32(00000000), ref: 00A16FE6
• GetWindowLongW.USER32(?,000000F0), ref: 00A1520D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A1521A
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00A1524D
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00A15287
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00A15296
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
• String ID:
• API String ID: 3210457359-0
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 009D6890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 009D68A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 009D68B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 009D68D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 009D68F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00998874,00000000,00000000,00000000,000000FF,00000000), ref: 009D6901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 009D691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00998874,00000000,00000000,00000000,000000FF,00000000), ref: 009D692D
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 009FC182
• GetLastError.KERNEL32 ref: 009FC195
• SetEvent.KERNEL32(?), ref: 009FC1A9
  • Part of subcall function 009FC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 009FC272
  • Part of subcall function 009FC253: GetLastError.KERNEL32 ref: 009FC322
  • Part of subcall function 009FC253: SetEvent.KERNEL32(?), ref: 009FC336
  • Part of subcall function 009FC253: InternetCloseHandle.WININET(00000000), ref: 009FC341
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1f269a1e94cbcf3a8e7580f2637ccd7cd3bce9a6f6fcbd6cb970b9c17a8b0ceb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c57ce617caa4b3186952ab91940a701b646d9e6d789d02157dbcf96d84ff3930
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f269a1e94cbcf3a8e7580f2637ccd7cd3bce9a6f6fcbd6cb970b9c17a8b0ceb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A6318BB124060DAFDB219FE59E44AF6BBE8FF58320B14C41DFA6682611C730E8159B60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 009E3A57
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E3A3D: GetCurrentThreadId.KERNEL32 ref: 009E3A5E
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009E25B3), ref: 009E3A65
                                                                                                                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 009E25BD
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 009E25DB
                                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 009E25DF
                                                                                                                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 009E25E9
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 009E2601
                                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 009E2605
                                                                                                                                                                                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 009E260F
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 009E2623
                                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 009E2627
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2014098862-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3cddbe7e8ea17db3aac18fdd769a4fce10d956964f69cb2d2be8ecbed717ee7f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: dead46333b6bcbb873092e42e4d06ff1e805c037b1004b2071915f42ca69a5b3
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3cddbe7e8ea17db3aac18fdd769a4fce10d956964f69cb2d2be8ecbed717ee7f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4801D8303D0364BBFB10A7A9DC8EF993F59DB8EB21F104011F358AF0D1C9E118458A69
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,009E1449,?,?,00000000), ref: 009E180C
                                                                                                                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,009E1449,?,?,00000000), ref: 009E1813
                                                                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,009E1449,?,?,00000000), ref: 009E1828
                                                                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000,?,009E1449,?,?,00000000), ref: 009E1830
                                                                                                                                                                                                                                                                                                                                                                              • DuplicateHandle.KERNEL32(00000000,?,009E1449,?,?,00000000), ref: 009E1833
                                                                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,009E1449,?,?,00000000), ref: 009E1843
                                                                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(009E1449,00000000,?,009E1449,?,?,00000000), ref: 009E184B
                                                                                                                                                                                                                                                                                                                                                                              • DuplicateHandle.KERNEL32(00000000,?,009E1449,?,?,00000000), ref: 009E184E
                                                                                                                                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,009E1874,00000000,00000000,00000000), ref: 009E1868
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 882c0a994731823158184c5e8e0bf6d12a22ab79834400bdec90254fabcd1650
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 519dc912583f42bd5d2b3638bf07e9561327de0df89a22db476e90b88151b18a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 882c0a994731823158184c5e8e0bf6d12a22ab79834400bdec90254fabcd1650
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4501BFB52C0344BFE710EBA5DC4DF977B6CEB89B11F008511FA05DB191C6709801CB20
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009ED4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 009ED501
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009ED4DC: Process32FirstW.KERNEL32(00000000,?), ref: 009ED50F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009ED4DC: CloseHandle.KERNEL32(00000000), ref: 009ED5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A0A16D
• GetLastError.KERNEL32 ref: 00A0A180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A0A1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 00A0A268
• GetLastError.KERNEL32(00000000), ref: 00A0A273
• CloseHandle.KERNEL32(00000000), ref: 00A0A2C4
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: ce79111e1d60a8b8936d22c039667bb13c84c53980604e89f7ad363265455a7e
• Instruction ID: 44c48c63f344401e66e41aaf9b57a872cae9d1c00f6691159a20061962e81308
• Opcode Fuzzy Hash: ce79111e1d60a8b8936d22c039667bb13c84c53980604e89f7ad363265455a7e
• Instruction Fuzzy Hash: B1617C71204342AFD710DF15D494F59BBA1AFA8318F14849CE4668B7E3C772ED45CB92
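The routine above opens a process with desired access 00000001, which is PROCESS_TERMINATE, calls TerminateProcess on the handle and closes it; its similarity record carries API ID tokens consistent with CreateToolhelp32Snapshot and Process32First and the string SeDebugPrivilege, the usual shape of a kill-process-by-name helper that first raises its own privileges. The Python script below is an added triage example, not part of the Joe Sandbox report or of the sample: it parses API lines in this report's "• Api.MODULE(args), ref: ADDR" format, decodes the OpenProcess access mask against the winnt.h PROCESS_* bits, and pairs each TerminateProcess with the nearest preceding OpenProcess that requested PROCESS_TERMINATE. The embedded listing is copied from the six API lines above; the regular expression, the PROCESS_ACCESS table and all function names are mine.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the API lines of the process-termination routine
# copied from the report listing above, in the report's own rendering.
SAMPLE_LISTING = """\
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A0A16D
• GetLastError.KERNEL32 ref: 00A0A180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00A0A1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 00A0A268
• GetLastError.KERNEL32(00000000), ref: 00A0A273
• CloseHandle.KERNEL32(00000000), ref: 00A0A2C4
"""

# One "• Api.MODULE(args), ref: ADDR" line. The argument list is optional
# because the report renders GetLastError without parentheses.
LINE_RE = re.compile(
    r"•\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# dwDesiredAccess bits accepted by OpenProcess (winnt.h values).
PROCESS_ACCESS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
# The keys are distinct single bits, so their sum equals their bitwise OR.
KNOWN_ACCESS_MASK = sum(PROCESS_ACCESS)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]  # None where the report prints "?"
    ref: str                   # call-site address as printed in the report


def parse_listing(text: str) -> List[ApiCall]:
    """Parse the report's API lines into ApiCall records, in listing order."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # headings such as "APIs" or "Strings"
        args: List[Optional[int]] = []
        if m.group("args"):
            for a in m.group("args").split(","):
                a = a.strip()
                args.append(None if a == "?" else int(a, 16))
        calls.append(ApiCall(m.group("api"), m.group("module"), args, m.group("ref")))
    return calls


def decode_process_access(mask: int) -> List[str]:
    """Name the PROCESS_* bits set in an OpenProcess dwDesiredAccess value."""
    names = [name for bit, name in sorted(PROCESS_ACCESS.items()) if mask & bit]
    leftover = mask & ~KNOWN_ACCESS_MASK
    if leftover:
        names.append(f"0x{leftover:X}")  # bits not in the table above
    return names


def find_termination_chain(calls: List[ApiCall]) -> List[Tuple[str, str]]:
    """Pair each TerminateProcess with the nearest preceding OpenProcess that
    asked for PROCESS_TERMINATE. Returns (open_ref, terminate_ref) pairs."""
    pairs = []
    last_open = None
    for c in calls:
        if c.api == "OpenProcess" and c.args and c.args[0] is not None \
                and c.args[0] & 0x0001:
            last_open = c.ref
        elif c.api == "TerminateProcess" and last_open is not None:
            pairs.append((last_open, c.ref))
            last_open = None
    return pairs


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for c in parsed:
        if c.api == "OpenProcess" and c.args[0] is not None:
            print(c.ref, decode_process_access(c.args[0]))
    print("terminate chains:", find_termination_chain(parsed))
```

The script only reads the report text; it does not touch a live process. On the listing above it reports both OpenProcess sites as PROCESS_TERMINATE and pairs the second one (00A0A1B3) with the TerminateProcess at 00A0A268, which is the call sequence a reviewer would flag alongside the SeDebugPrivilege string.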
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00A13925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00A1393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00A13954
• _wcslen.LIBCMT ref: 00A13999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 00A139C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 00A139F4
Strings
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: b4c4154f136de344c1305c3a60e41dfc296bf45e0892dcc7323565e7e43738ec
• Instruction ID: c3764c39f0c2982875077089cb3af6d37ea3d2d2d5b2055503bf9a155f1b1eed
• Opcode Fuzzy Hash: b4c4154f136de344c1305c3a60e41dfc296bf45e0892dcc7323565e7e43738ec
• Instruction Fuzzy Hash: 2E418172A00219ABEF219F64CC45BEA7BA9FF48350F100526F958E7281D7759E94CB90
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 009EBCFD
• IsMenu.USER32(00000000), ref: 009EBD1D
• CreatePopupMenu.USER32 ref: 009EBD53
• GetMenuItemCount.USER32(018B48F0), ref: 009EBDA4
• InsertMenuItemW.USER32(018B48F0,?,00000001,00000030), ref: 009EBDCC
Strings
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: 11f39d49b84b8f5cf9044b8f5eef02bf6496560539bb03a2211eb5e13fe9d43e
• Instruction ID: 918febb205383624de96554564321f39ad35ace7c600fe664b46f04c083c3956
• Opcode Fuzzy Hash: 11f39d49b84b8f5cf9044b8f5eef02bf6496560539bb03a2211eb5e13fe9d43e
• Instruction Fuzzy Hash: C251BEB0A00289ABDF12CFAADC84BAFBBF9BF85324F148119E551972D0D7709D81CB51
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 009EC913
Strings
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: IconLoad
                                                                                                                                                                                                                                                                                                                                                                              • String ID: blank$info$question$stop$warning
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2457776203-404129466
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f0f1bb452b8ce105a9d2337bcf703dfb356b6b6ea50108f9c557ce6860598d0b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6bcb7d90ae21acbd664ee5d54e023ec5058721accfe7e00f53f9a2e9a6b07b03
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f0f1bb452b8ce105a9d2337bcf703dfb356b6b6ea50108f9c557ce6860598d0b
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 81118C76689346BEE7029B55DD83DEE379CDF56324B20042AF440A62C3E7F85E0252A9
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$LocalTime
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 952045576-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0017f2d240eeed9f9599c06b3120c85055ad8af7a7100d539dff73ff7b82d84f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e495e61a98cf468978a4fed5ed59fefc4f54fbe69111a412c67e5c30ca79238b
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0017f2d240eeed9f9599c06b3120c85055ad8af7a7100d539dff73ff7b82d84f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE419065C10258B5CB11EBF48C8ABCFB7ACAF86710F508466E924E3121EB34E655C7E5
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,009D682C,00000004,00000000,00000000), ref: 0099F953
                                                                                                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,009D682C,00000004,00000000,00000000), ref: 009DF3D1
                                                                                                                                                                                                                                                                                                                                                                              • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,009D682C,00000004,00000000,00000000), ref: 009DF454
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ShowWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1268545403-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0099489d55bba76b9d2ee3b29d5d9425940b73efff9a926a6076dd25d5a16568
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 303dc4624b900ee95acb74ec4b265c758d45527f0aaf024e6bdcde0e2d84ab19
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0099489d55bba76b9d2ee3b29d5d9425940b73efff9a926a6076dd25d5a16568
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13413B31244640BEDF38DB3DC8B876AFB9AAB56364F14C43DE047D6660D675A881C710
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00A12D1B
                                                                                                                                                                                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 00A12D23
                                                                                                                                                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00A12D2E
                                                                                                                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00A12D3A
                                                                                                                                                                                                                                                                                                                                                                              • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00A12D76
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00A12D87
                                                                                                                                                                                                                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00A15A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00A12DC2
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00A12DE1
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: 3c90fc37c82013648a78ba0ef1b41207026d385957de9f0db1bd3ca2606d397a
• Instruction ID: c13b1d909920790b2cbcd601b869dd1a24d5e9881a98fe073374aa5ab57bd9a3
• Opcode Fuzzy Hash: 3c90fc37c82013648a78ba0ef1b41207026d385957de9f0db1bd3ca2606d397a
• Instruction Fuzzy Hash: 67319C72241214BFEB118F50DC8AFEB3BADEF09761F048055FE089A291C6759C51CBA4
APIs
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: 3f284848acd6d5310b5028091f6152bc7c540afa2377b4f94ff81c8adade535c
• Instruction ID: 443cfc3f9a228f10715c89f2c0e7f6e4beac2da3e456829d1ea05426c51d95e2
• Opcode Fuzzy Hash: 3f284848acd6d5310b5028091f6152bc7c540afa2377b4f94ff81c8adade535c
• Instruction Fuzzy Hash: 5A21EE71744A89BFDA169A228E92FFB335CBF6178CF450430FD049A581FB65ED1081E5
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: 77fcacb557caa95ae716b367ae9b7e48d755cdda2583cd1c717fb7b8b3ff1ff8
• Instruction ID: be24ef59bff360109649013a919add53f0d3f86af88ded3927f814239ae59bc9
• Opcode Fuzzy Hash: 77fcacb557caa95ae716b367ae9b7e48d755cdda2583cd1c717fb7b8b3ff1ff8
• Instruction Fuzzy Hash: 46D1BE75E0060AAFDF10DFA8E891BAEB7B5BF48304F148569E915AB281E370DD41CF90
APIs
• GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,009C17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 009C15CE
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,009C17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 009C1651
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,009C17FB,?,009C17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 009C16E4
• MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,009C17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 009C16FB
  • Part of subcall function 009B3820: RtlAllocateHeap.NTDLL(00000000,?,00A51444,?,0099FDF5,?,?,0098A976,00000010,00A51440,009813FC,?,009813C6,?,00981129), ref: 009B3852
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,009C17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 009C1777
• __freea.LIBCMT ref: 009C17A2
• __freea.LIBCMT ref: 009C17AE
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
• Opcode ID: e98fcc8face0766bfa6c1ef069963981935a1ff8e3eef3a3461fd3be8a7a743e
• Instruction ID: 6be01a621404a29ad7cdcfc66cf35f5105a4e938ecb14abd9d55cf7a2e069f7d
• Opcode Fuzzy Hash: e98fcc8face0766bfa6c1ef069963981935a1ff8e3eef3a3461fd3be8a7a743e
• Instruction Fuzzy Hash: DE91B371E002569ADF208EA4C951FEEBBB99F8A310F18465DF805E7182D735CD40CBAA
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Variant$ClearInit
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2610073882-625585964
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ec46dd3cc5c9f375a8dab32d9a88e48b71e13c70c616548f751dd1d977374f9a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 39cdb9ec387d6128aeddd0dc0b598add0e2ff702cde51aaa0a8ea4fa2fcfdfce
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ec46dd3cc5c9f375a8dab32d9a88e48b71e13c70c616548f751dd1d977374f9a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 959173B1A00219AFDF20CFA5D844FAEB7B8FF89714F108559F615AB281D7709941CFA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 009F125C
                                                                                                                                                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 009F1284
                                                                                                                                                                                                                                                                                                                                                                              • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 009F12A8
                                                                                                                                                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009F12D8
                                                                                                                                                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009F135F
                                                                                                                                                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009F13C4
                                                                                                                                                                                                                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 009F1430
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2550207440-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a3f27c4ec534f8978a2ac497d0519957ced80ef3bc8d63b7c3569a6277f1780f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f44e138efc3c78415b85b8bb2fcc3e7f344f2f43351e783fa1faf7b871809fe5
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3f27c4ec534f8978a2ac497d0519957ced80ef3bc8d63b7c3569a6277f1780f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F919D71A00219DFDB00DF98C885BBEB7B9FF85325F104429EA50EB2A1D774A941CB90
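The two function records above combine OLEAUT32 SafeArray/Variant calls with the runtime strings "Incorrect Object type in FOR..IN loop" and "Null Object assignment in FOR..IN loop", and a later record in this report pairs VariantInit/VariantClear with "AUTOIT.ERROR" and "Incorrect Parameter format". Those are AutoIt3 interpreter error messages, which is what backs the "compiled AutoIt script" verdict at the top of the report. The script below is an added triage example, not part of the Joe Sandbox report or its tooling: it scans a memory dump or PE image for exactly the strings and import names this report lists and reports whether the AutoIt indicator threshold is met. It searches both ASCII and UTF-16LE because the report shows wide-string APIs (CharUpperBuffW, _wcslen) but does not state how the literals are stored, so the UTF-16LE encoding is an assumption; the SAMPLE buffer is constructed for the demonstration and is not data from the report.

```python
"""Triage check for AutoIt3 runtime strings and OLEAUT32 variant imports.

Added example; not code from the Joe Sandbox report. Needles come from the
report's String IDs and API lists. UTF-16LE storage of the literals is an
assumption, so both encodings are tried.
"""
from dataclasses import dataclass

# AutoIt3 runtime error messages listed as String IDs in this report.
AUTOIT_STRINGS = [
    "Incorrect Object type in FOR..IN loop",
    "Null Object assignment in FOR..IN loop",
    "AUTOIT.ERROR",
    "Incorrect Parameter format",
]

# OLEAUT32 routines the report shows in the variant / SafeArray functions.
OLEAUT_APIS = [
    b"SafeArrayGetVartype",
    b"SafeArrayAccessData",
    b"SafeArrayUnaccessData",
    b"VariantInit",
    b"VariantCopy",
    b"VariantClear",
]


@dataclass
class Hit:
    needle: str
    encoding: str
    offset: int


def find_strings(blob: bytes, needles=AUTOIT_STRINGS):
    """Return every occurrence of each needle, in ASCII and UTF-16LE."""
    hits = []
    for s in needles:
        for enc in ("ascii", "utf-16-le"):
            pat = s.encode(enc)
            start = 0
            while (idx := blob.find(pat, start)) != -1:
                hits.append(Hit(s, enc, idx))
                start = idx + 1
    return hits


def find_imports(blob: bytes, names=OLEAUT_APIS):
    """Import names in a PE import directory are NUL-terminated ASCII."""
    return sorted({n.decode() for n in names if n + b"\x00" in blob})


def triage(blob: bytes, min_strings: int = 2):
    """Flag the buffer as likely AutoIt when >= min_strings distinct
    interpreter strings are present; report the OLEAUT32 names seen too."""
    distinct = {h.needle for h in find_strings(blob)}
    return {
        "likely_autoit": len(distinct) >= min_strings,
        "strings": sorted(distinct),
        "oleaut_imports": find_imports(blob),
    }


# Constructed sample buffer for the demo (not a real dump): two wide-string
# AutoIt messages plus two import names embedded in padding.
SAMPLE = (
    b"\x00" * 16
    + "Incorrect Object type in FOR..IN loop".encode("utf-16-le") + b"\x00\x00"
    + b"\x90" * 8
    + "AUTOIT.ERROR".encode("utf-16-le") + b"\x00\x00"
    + b"SafeArrayAccessData\x00VariantClear\x00"
)

if __name__ == "__main__":
    # Replace SAMPLE with open(path, "rb").read() to run against a real .sdmp.
    print(triage(SAMPLE))
```

Run it against the downloaded .sdmp files rather than the original executable when the sample is packed: the strings are only reliably present once the interpreter's image is mapped, which is why the report attributes them to the memory dump at offset 00980000.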
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e74ba7c39bb192cd442d53091a09f195faeb01668c5a206daaf65281230b5923
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ce72e9b4724386fe3999830c1fcbd0025bb4555aa7037845cb05c13667bfbb16
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e74ba7c39bb192cd442d53091a09f195faeb01668c5a206daaf65281230b5923
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34913671D44219EFCF10CFA9C884AEEBBB8FF49320F148459E915B7251D378A942CB60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00A0396B
                                                                                                                                                                                                                                                                                                                                                                              • CharUpperBuffW.USER32(?,?), ref: 00A03A7A
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00A03A8A
                                                                                                                                                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00A03C1F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009F0CDF: VariantInit.OLEAUT32(00000000), ref: 009F0D1F
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009F0CDF: VariantCopy.OLEAUT32(?,?), ref: 009F0D28
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009F0CDF: VariantClear.OLEAUT32(?), ref: 009F0D34
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
• String ID: AUTOIT.ERROR$Incorrect Parameter format
• API String ID: 4137639002-1221869570
• Opcode ID: 0ba3c414c386d90432c266249eb5e01d95624f88a72306c98b9b3a34b3e18200
• Instruction ID: 3a68f034b8f20c0d9b0d6eeaea5058c576ffe21a986eafd99b6a69d627cc92d4
• Opcode Fuzzy Hash: 0ba3c414c386d90432c266249eb5e01d95624f88a72306c98b9b3a34b3e18200
• Instruction Fuzzy Hash: 569148756083459FCB04EF64D48096AB7E8BFC9354F14882DF8999B391DB31EE05CB92
APIs
  • Part of subcall function 009E000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?,?,009E035E), ref: 009E002B
  • Part of subcall function 009E000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?), ref: 009E0046
  • Part of subcall function 009E000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?), ref: 009E0054
  • Part of subcall function 009E000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?), ref: 009E0064
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00A04C51
• _wcslen.LIBCMT ref: 00A04D59
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00A04DCF
• CoTaskMemFree.OLE32(?), ref: 00A04DDA
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Opcode ID: 2e6911e63a533eecb323922d105ed37442838371529a02afdbb66ad681581a20
• Instruction ID: 1ff9a9dd21b1fa7b6f18f9857accd8fb29d7c1ec86478c94dd9a1af2b618be07
• Opcode Fuzzy Hash: 2e6911e63a533eecb323922d105ed37442838371529a02afdbb66ad681581a20
• Instruction Fuzzy Hash: 829129B1D0021DAFDF14EFA4D891AEEB7B8BF48310F10816AE515A7291EB309E45CF60
APIs
• GetMenu.USER32(?), ref: 00A12183
• GetMenuItemCount.USER32(00000000), ref: 00A121B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00A121DD
• _wcslen.LIBCMT ref: 00A12213
• GetMenuItemID.USER32(?,?), ref: 00A1224D
• GetSubMenu.USER32(?,?), ref: 00A1225B
  • Part of subcall function 009E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 009E3A57
  • Part of subcall function 009E3A3D: GetCurrentThreadId.KERNEL32 ref: 009E3A5E
  • Part of subcall function 009E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009E25B3), ref: 009E3A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00A122E3
  • Part of subcall function 009EE97B: Sleep.KERNEL32 ref: 009EE9F3
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
• Opcode ID: f96ce435d8003b8080dd272661081d4cc972993debc872a46d5b6b415d7f990c
• Instruction ID: 7d2f861b42ef2ad41352ad510eda4664eab65f82f062881e13534e399f2fc032
• Opcode Fuzzy Hash: f96ce435d8003b8080dd272661081d4cc972993debc872a46d5b6b415d7f990c
• Instruction Fuzzy Hash: 5B716F75A00205AFCB14EFA8C845BEEB7F5EF88320F148459E956EB351D734ED918B90
APIs
• IsWindow.USER32(018B4BE8), ref: 00A17F37
• IsWindowEnabled.USER32(018B4BE8), ref: 00A17F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00A1801E
• SendMessageW.USER32(018B4BE8,000000B0,?,?), ref: 00A18051
• IsDlgButtonChecked.USER32(?,?), ref: 00A18089
• GetWindowLongW.USER32(018B4BE8,000000EC), ref: 00A180AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00A180C3
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 18715e3849eae1228243b58cc3a24481aef86b515e34e4114c7ce2ecffb782f0
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 82185c8cd9da16638a2448c6e9d05564594858d57c493d663fa115496a321118
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 18715e3849eae1228243b58cc3a24481aef86b515e34e4114c7ce2ecffb782f0
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99717A74608204AFEB21DF64C884FEFBBB9EF09310F145459E955972A1CB35AD86CB20
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetParent.USER32(?), ref: 009EAEF9
                                                                                                                                                                                                                                                                                                                                                                              • GetKeyboardState.USER32(?), ref: 009EAF0E
                                                                                                                                                                                                                                                                                                                                                                              • SetKeyboardState.USER32(?), ref: 009EAF6F
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000010,?), ref: 009EAF9D
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000011,?), ref: 009EAFBC
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000012,?), ref: 009EAFFD
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(?,00000101,0000005B,?), ref: 009EB020
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ac0457b4d7592f7ad098dece27aae32ab2aca81a050481c6b6ce7261c666b690
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d409124d82289796c2be315928a796bee86c09606663acd538a80c5b2157558c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac0457b4d7592f7ad098dece27aae32ab2aca81a050481c6b6ce7261c666b690
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6751AFA06047D53DFB3783368C45BBBBEA95B46304F088989E1E9558E2C398FC88D751
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetParent.USER32(00000000), ref: 009EAD19
                                                                                                                                                                                                                                                                                                                                                                              • GetKeyboardState.USER32(?), ref: 009EAD2E
                                                                                                                                                                                                                                                                                                                                                                              • SetKeyboardState.USER32(?), ref: 009EAD8F
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 009EADBB
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 009EADD8
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 009EAE17
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 009EAE38
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a183f1c04071ec4f96e969b352201de918625c829d5cf4754af77086ddb4f43c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0630ed468f727cea1795a14a3476f2e4ed041d7100d607671e60297da19181f5
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a183f1c04071ec4f96e969b352201de918625c829d5cf4754af77086ddb4f43c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A851D1A15047D53DFB3382668C95BBABEAD6F46300F08848CE1D9468E2C294FC88D762
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetConsoleCP.KERNEL32(009C3CD6,?,?,?,?,?,?,?,?,009B5BA3,?,?,009C3CD6,?,?), ref: 009B5470
                                                                                                                                                                                                                                                                                                                                                                              • __fassign.LIBCMT ref: 009B54EB
                                                                                                                                                                                                                                                                                                                                                                              • __fassign.LIBCMT ref: 009B5506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,009C3CD6,00000005,00000000,00000000), ref: 009B552C
• WriteFile.KERNEL32(?,009C3CD6,00000000,009B5BA3,00000000,?,?,?,?,?,?,?,?,?,009B5BA3,?), ref: 009B554B
• WriteFile.KERNEL32(?,?,00000001,009B5BA3,00000000,?,?,?,?,?,?,?,?,?,009B5BA3,?), ref: 009B5584
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
APIs
• _ValidateLocalCookies.LIBCMT ref: 009A2D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 009A2D53
• _ValidateLocalCookies.LIBCMT ref: 009A2DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 009A2E0C
• _ValidateLocalCookies.LIBCMT ref: 009A2E61
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
APIs
  • Part of subcall function 00A0304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A0307A
  • Part of subcall function 00A0304E: _wcslen.LIBCMT ref: 00A0309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00A01112
• WSAGetLastError.WSOCK32 ref: 00A01121
• WSAGetLastError.WSOCK32 ref: 00A011C9
• closesocket.WSOCK32(00000000), ref: 00A011F9
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
APIs
  • Part of subcall function 009EDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,009ECF22,?), ref: 009EDDFD
  • Part of subcall function 009EDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,009ECF22,?), ref: 009EDE16
• lstrcmpiW.KERNEL32(?,?), ref: 009ECF45
• MoveFileW.KERNEL32(?,?), ref: 009ECF7F
• _wcslen.LIBCMT ref: 009ED005
• _wcslen.LIBCMT ref: 009ED01B
• SHFileOperationW.SHELL32(?), ref: 009ED061
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1f27cde6e76b02666da86a3b2bd5a1220e3f346abd87c49d79b6edb1eede1acb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 07204f6299b5ebdf215ab42f33085a38c4d2f4fafbcda1369896342028cc089f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f27cde6e76b02666da86a3b2bd5a1220e3f346abd87c49d79b6edb1eede1acb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EB4166B19452585FDF13EFA5C981BDEB7BDAF48380F0004E6E545EB141EB34AA85CB50
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00A12E1C
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00A12E4F
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00A12E84
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00A12EB6
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00A12EE0
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00A12EF1
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A12F0B
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2178440468-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2fd14be2e601c332b5a6b9039bddd5f708b59ce434f7541bc1a42dd40080f867
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b568af90b5c60e4434584c0ac608add85464d911b7398b267e0c9bce5599d745
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2fd14be2e601c332b5a6b9039bddd5f708b59ce434f7541bc1a42dd40080f867
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0431F234684250AFEB21CF98DC84FA53BE5FB8A721F154164F9108B2B1CB75ECA19B41
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009E7769
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009E778F
                                                                                                                                                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 009E7792
                                                                                                                                                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 009E77B0
                                                                                                                                                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 009E77B9
                                                                                                                                                                                                                                                                                                                                                                              • StringFromGUID2.OLE32(?,?,00000028), ref: 009E77DE
                                                                                                                                                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 009E77EC
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 08f6d621e610f97528e6eb88c48777a7f1596939f808b13e64962747dc2c9b87
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1bda2bafbe09fdd40c74fe84c2e702e3c9671c6b6d3817c6a477185ea4853d45
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 08f6d621e610f97528e6eb88c48777a7f1596939f808b13e64962747dc2c9b87
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE21B076608219AFDF11DFE9CC88DFBB3ACEB09364B048425FA05DB150D670DC828761
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009E7842
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 009E7868
                                                                                                                                                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 009E786B
                                                                                                                                                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32 ref: 009E788C
                                                                                                                                                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32 ref: 009E7895
• StringFromGUID2.OLE32(?,?,00000028), ref: 009E78AF
• SysAllocString.OLEAUT32(?), ref: 009E78BD
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 68b4ae4581e7fab665dfc05a225fdd60c3a5a04f9c3f20ff0444331b2a2dca82
• Instruction ID: 7ed43987119ffb7db4e7fa9b9e2509d5d1b44b18473192e74f71773eda664765
• Opcode Fuzzy Hash: 68b4ae4581e7fab665dfc05a225fdd60c3a5a04f9c3f20ff0444331b2a2dca82
• Instruction Fuzzy Hash: 5821B031608214AFDB11DFE9CCCCDAAB7ACEB183607108125F915CB2A0D674DC41CB65
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 009F04F2
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 009F052E
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: 9573f8f6537203730c120e168737a94fba34bbe246899f54b85b5d873df22773
• Instruction ID: 4c0121a2518bee8270b385ca0530c364c5da3420c209a2b7d20cf108fae22be2
• Opcode Fuzzy Hash: 9573f8f6537203730c120e168737a94fba34bbe246899f54b85b5d873df22773
• Instruction Fuzzy Hash: 11216075500309ABDF209F6ADC44AAA77BCBF95724F204A19FAA1D72E1D7B0D941CF20
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 009F05C6
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 009F0601
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: CreateHandlePipe
• String ID: nul
• API String ID: 1424370930-2873401336
• Opcode ID: e938ba35140d7302de59ea1553fc9bd8ed0ac0dc6b15a071817738d5a7e3d5ab
• Instruction ID: d3ae2396113420eed440d3e9c7500c23e4b3da48fb1849ca9606faf0b23207fd
• Opcode Fuzzy Hash: e938ba35140d7302de59ea1553fc9bd8ed0ac0dc6b15a071817738d5a7e3d5ab
• Instruction Fuzzy Hash: AB21A3755003199BDB209F698C04AAA77ECBFD5734F204B19FAB1E72D1D7B09861CB10
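The "APIs" lists in this report follow one fixed shape, "API.MODULE(args), ref: address", with "?" for arguments the sandbox could not resolve. The following is an added example, not part of the Joe Sandbox report and not Joe Sandbox tooling: a small Python parser for that line shape that turns the entries into records, flags the GetStdHandle-then-CreatePipe sequence seen in the two functions above (the usual set-up for redirecting a child process's standard handles), and names the common-control message numbers that the SendMessageW entries elsewhere in this report pass as their second argument. The sample lines are copied from this report's API lists; the message-number names are the standard Windows SDK values from commctrl.h and winuser.h (an assumption the reader should verify against the SDK headers, since the report itself only gives the raw numbers).

```python
"""Parse Joe Sandbox-style 'APIs' lines into structured records.

Added example for this page; not Joe Sandbox code. Assumes the line
shape shown in the report: "<API>.<MODULE>(<args>), ref: <addr>",
optionally prefixed by a bullet and "Part of subcall function XXXX:".
"""
import re
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(
    r"^\s*(?:•\s*)?"
    r"(?:Part of subcall function\s+(?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Standard SDK message numbers (assumed from commctrl.h / winuser.h, not from the report).
MSG_NAMES = {
    0x0030: "WM_SETFONT",
    0x0401: "PBM_SETRANGE",
    0x0402: "PBM_SETPOS",
    0x0404: "PBM_SETSTEP",
    0x0409: "PBM_SETBARCOLOR",
    0x2001: "PBM_SETBKCOLOR",
}

# Sample input copied from this report's API lists (constructed list, same line format).
SAMPLE_LINES = [
    "• StringFromGUID2.OLE32(?,?,00000028), ref: 009E78AF",
    "• SysAllocString.OLEAUT32(?), ref: 009E78BD",
    "• GetStdHandle.KERNEL32(0000000C), ref: 009F04F2",
    "• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 009F052E",
    "• GetStdHandle.KERNEL32(000000F6), ref: 009F05C6",
    "• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 009F0601",
    "• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00A14139",
]


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]      # None where the sandbox printed "?"
    ref: int                       # call-site address from "ref:"
    subcall: Optional[int] = None  # address of the subcall function, if any


def parse_arg(token: str) -> Optional[int]:
    """Hex argument as printed by the report; '?' means unresolved."""
    token = token.strip()
    return None if token in ("", "?") else int(token, 16)


def parse_line(line: str) -> Optional[ApiCall]:
    """Return an ApiCall for an API line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    raw = m["args"].strip()
    args = [parse_arg(t) for t in raw.split(",")] if raw else []
    sub = int(m["sub"], 16) if m["sub"] else None
    return ApiCall(m["api"], m["mod"], args, int(m["ref"], 16), sub)


def describe(call: ApiCall) -> str:
    """Human-readable form; decodes the message number of SendMessageW calls."""
    if call.api == "SendMessageW" and len(call.args) >= 4 and call.args[1] is not None:
        msg, wparam, lparam = call.args[1], call.args[2], call.args[3]
        name = MSG_NAMES.get(msg, f"0x{msg:04X}")
        if name == "PBM_SETRANGE" and lparam is not None:
            # PBM_SETRANGE packs the range as MAKELPARAM(low, high).
            return f"{name} lo={lparam & 0xFFFF} hi={lparam >> 16}"
        w = "?" if wparam is None else f"0x{wparam:08X}"
        l = "?" if lparam is None else f"0x{lparam:08X}"
        return f"{name} wParam={w} lParam={l}"
    return f"{call.api} ({call.module})"


def pipe_setup_refs(lines: List[str]) -> List[int]:
    """Call-site of every CreatePipe that directly follows a GetStdHandle.

    That pairing is how a parent wires a child's stdin/stdout/stderr to
    pipes, so it is worth a look when the sample spawns other processes.
    """
    calls = [c for c in map(parse_line, lines) if c is not None]
    return [cur.ref for prev, cur in zip(calls, calls[1:])
            if prev.api == "GetStdHandle" and cur.api == "CreatePipe"]


if __name__ == "__main__":
    for ln in SAMPLE_LINES:
        c = parse_line(ln)
        if c:
            print(f"{c.ref:08X}  {describe(c)}")
    print("pipe set-ups at:", [f"{r:08X}" for r in pipe_setup_refs(SAMPLE_LINES)])
```

Feeding a whole report's API lists through pipe_setup_refs gives the call sites worth opening in the dump first; describe turns the raw SendMessageW numbers into the control messages they are, so the progress-bar function later in this report reads as PBM_SETRANGE 0..100, PBM_SETPOS 0, PBM_SETSTEP 1 and the two colour messages rather than as opaque constants.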
APIs
  • Part of subcall function 0098600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0098604C
  • Part of subcall function 0098600E: GetStockObject.GDI32(00000011), ref: 00986060
  • Part of subcall function 0098600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0098606A
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00A14112
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00A1411F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00A1412A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00A14139
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00A14145
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 115dc4951e7ab7b15b8cd833157b2c8e33cd6ffdf8ffca91be56f989fe952faa
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 03f9bf19b62e03bf4aa05d62dc87725f695dda1045f4b05c7726c8b9eec98e2e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 115dc4951e7ab7b15b8cd833157b2c8e33cd6ffdf8ffca91be56f989fe952faa
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B711B2B2140219BEEF119FA4CC86EE77F6DEF097A8F004210BA18A6150C7769C61DBA4
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009BD7A3: _free.LIBCMT ref: 009BD7CC
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BD82D
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000), ref: 009B29DE
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009B29C8: GetLastError.KERNEL32(00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000,00000000), ref: 009B29F0
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BD838
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BD843
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BD897
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BD8A2
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BD8AD
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BD8B8
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 950a6317ee48bb8feeffde864bbdff02ac409b93e0875093dc4c652007aca3fa
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 981121B1542B08BBE521BFB0CE87FCB7BDCAF84720F404C25B29DA6492EA65B5054650
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 009EDA74
                                                                                                                                                                                                                                                                                                                                                                              • LoadStringW.USER32(00000000), ref: 009EDA7B
                                                                                                                                                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 009EDA91
                                                                                                                                                                                                                                                                                                                                                                              • LoadStringW.USER32(00000000), ref: 009EDA98
                                                                                                                                                                                                                                                                                                                                                                              • MessageBoxW.USER32(00000000,?,?,00011010), ref: 009EDADC
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              • %s (%d) : ==> %s: %s %s, xrefs: 009EDAB9
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: HandleLoadModuleString$Message
                                                                                                                                                                                                                                                                                                                                                                              • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4072794657-3128320259
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5733d554c2bd95ad76f5a9d98ecadf34f5a06160f67ad2938671c9287a9c6714
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b0ac014d5eb87dbffe90575a7e6bc22aa2b4404520822de92271e1f1108d79fb
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5733d554c2bd95ad76f5a9d98ecadf34f5a06160f67ad2938671c9287a9c6714
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 970186F65402087FE711DBE09D89FE7336CE708311F4049A1B716E2041E6749E854F74
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(018AE8E0,018AE8E0), ref: 009F097B
                                                                                                                                                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(018AE8C0,00000000), ref: 009F098D
                                                                                                                                                                                                                                                                                                                                                                              • TerminateThread.KERNEL32(?,000001F6), ref: 009F099B
                                                                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000003E8), ref: 009F09A9
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 009F09B8
                                                                                                                                                                                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(018AE8E0,000001F6), ref: 009F09C8
                                                                                                                                                                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(018AE8C0), ref: 009F09CF
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: c45027c8b21bd8d17ce61e179c3c1f8c5e79e9a1b05c53ea584b6a115f85e83a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6f68a98fe89e9b9e5428f7d2f686ce80ce137c5c97030bb16890624426cf8ed0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c45027c8b21bd8d17ce61e179c3c1f8c5e79e9a1b05c53ea584b6a115f85e83a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5F03131482622BBD751AFD4EE8CBE6BB39FF51712F405015F201508A1D7749466CF90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00A01DC0
                                                                                                                                                                                                                                                                                                                                                                              • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00A01DE1
                                                                                                                                                                                                                                                                                                                                                                              • WSAGetLastError.WSOCK32 ref: 00A01DF2
                                                                                                                                                                                                                                                                                                                                                                              • htons.WSOCK32(?,?,?,?,?), ref: 00A01EDB
                                                                                                                                                                                                                                                                                                                                                                              • inet_ntoa.WSOCK32(?), ref: 00A01E8C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E39E8: _strlen.LIBCMT ref: 009E39F2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00A03224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,009FEC0C), ref: 00A03240
                                                                                                                                                                                                                                                                                                                                                                              • _strlen.LIBCMT ref: 00A01F35
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0c35175b37c43bcdd2c9148be76b125db159be7d34c09d5ab4c037bea9cf881c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 58c335cf3b571c9ea68b14c472642f9b15f4e51f53630c8dbc901b6189e77c46
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c35175b37c43bcdd2c9148be76b125db159be7d34c09d5ab4c037bea9cf881c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2BB1CC31204305AFD724EF24D885F6ABBA5AFC5318F58894CF45A5B2E2DB31ED42CB91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00985D30
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00985D71
                                                                                                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00985D99
                                                                                                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00985ED7
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00985EF8
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Rect$Client$Window$Screen
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1296646539-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3d6a448f7e847a4c0098c4ccfadb2b1f561ef567f3e1c6ad512456d26db15f16
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: ff74478e4563a5818ad2ddb0428bc4cc0451535f287e7f458ef4552efa4c9b87
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d6a448f7e847a4c0098c4ccfadb2b1f561ef567f3e1c6ad512456d26db15f16
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5CB18C34A0074ADBDB10DFA8C880BEEB7F5FF58310F14981AE8A9D7250DB34AA55DB51
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • __allrem.LIBCMT ref: 009B00BA
                                                                                                                                                                                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009B00D6
                                                                                                                                                                                                                                                                                                                                                                              • __allrem.LIBCMT ref: 009B00ED
                                                                                                                                                                                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009B010B
                                                                                                                                                                                                                                                                                                                                                                              • __allrem.LIBCMT ref: 009B0122
                                                                                                                                                                                                                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009B0140
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
• Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction ID: 3cc34d3ac5473c412fcdd184d5c5c80d4fc0af48fd48009433d7aee9f77ac500
• Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction Fuzzy Hash: 8C81E372A007069FE724AA68CD52BAB73E8EFC2374F24453EF451D7281E7B4D9008B90
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,009A82D9,009A82D9,?,?,?,009B644F,00000001,00000001,8BE85006), ref: 009B6258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,009B644F,00000001,00000001,8BE85006,?,?,?), ref: 009B62DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 009B63D8
• __freea.LIBCMT ref: 009B63E5
  • Part of subcall function 009B3820: RtlAllocateHeap.NTDLL(00000000,?,00A51444,?,0099FDF5,?,?,0098A976,00000010,00A51440,009813FC,?,009813C6,?,00981129), ref: 009B3852
• __freea.LIBCMT ref: 009B63EE
• __freea.LIBCMT ref: 009B6413
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• String ID:
• API String ID: 1414292761-0
• Opcode ID: 6aba2e229c5c23e9d38ac47cb55b3a71f258031cbf2bab4638e8a5dd5e1cfff4
• Instruction ID: 10e5259da6331b2e06c985211790a028bc131e9d852dca0eff9b101f1c4c2629
• Opcode Fuzzy Hash: 6aba2e229c5c23e9d38ac47cb55b3a71f258031cbf2bab4638e8a5dd5e1cfff4
• Instruction Fuzzy Hash: 2851B172A00216ABEB258FA4DE81FFF77AAEB84770F154629FC05D6150DB38EC44C660
APIs
  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
  • Part of subcall function 00A0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A0B6AE,?,?), ref: 00A0C9B5
  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0C9F1
  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA68
  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A0BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A0BD25
• RegCloseKey.ADVAPI32(00000000), ref: 00A0BD6A
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00A0BD99
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 00A0BDF3
• RegCloseKey.ADVAPI32(?), ref: 00A0BDFF
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
• String ID:
• API String ID: 1120388591-0
• Opcode ID: e0db46116103303a376c69b862e4d10a745fb867e6c083d13269ee82fa5f1c3d
• Instruction ID: 5c6fc8b273a56825cdfe363224d5eca0b7424bf1dc6386ac1d19a02a19952ba7
• Opcode Fuzzy Hash: e0db46116103303a376c69b862e4d10a745fb867e6c083d13269ee82fa5f1c3d
• Instruction Fuzzy Hash: 7B81C030218245EFD714DF24D991E2ABBE5FF84308F14855CF4598B2A2DB31ED45CBA2
APIs
• VariantInit.OLEAUT32(00000035), ref: 009DF7B9
• SysAllocString.OLEAUT32(00000001), ref: 009DF860
• VariantCopy.OLEAUT32(009DFA64,00000000), ref: 009DF889
• VariantClear.OLEAUT32(009DFA64), ref: 009DF8AD
• VariantCopy.OLEAUT32(009DFA64,00000000), ref: 009DF8B1
• VariantClear.OLEAUT32(?), ref: 009DF8BB
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9e5748d1e8d15b1542168bcb03a06d753436c9ed066fd369369df6d61bf3d33e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f717a62bc2ad8842bc78a4f174caa310e9033ed40f4655c769ab0e9fbe47cabd
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e5748d1e8d15b1542168bcb03a06d753436c9ed066fd369369df6d61bf3d33e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E51C635980310BACF14AB65D8B6B39B3A8EF85310B24C867E907EF391DB748C40C796
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00987620: _wcslen.LIBCMT ref: 00987625
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
                                                                                                                                                                                                                                                                                                                                                                              • GetOpenFileNameW.COMDLG32(00000058), ref: 009F94E5
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 009F9506
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 009F952D
                                                                                                                                                                                                                                                                                                                                                                              • GetSaveFileNameW.COMDLG32(00000058), ref: 009F9585
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                                                                                              • String ID: X
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: b39fce1213d349e8056a7bc655960270a240270aa5abd248db8e59414560064a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8f160e3aa0b82fc58480fc9e2bab66bf741900abadbe95031c3b70a340ef3b28
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b39fce1213d349e8056a7bc655960270a240270aa5abd248db8e59414560064a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EEE178316083119FD724EF24C881B6AB7E4BF85314F14896DF9999B3A2DB31ED05CB92
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
                                                                                                                                                                                                                                                                                                                                                                              • BeginPaint.USER32(?,?,?), ref: 00999241
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 009992A5
                                                                                                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 009992C2
                                                                                                                                                                                                                                                                                                                                                                              • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 009992D3
                                                                                                                                                                                                                                                                                                                                                                              • EndPaint.USER32(?,?,?,?,?), ref: 00999321
                                                                                                                                                                                                                                                                                                                                                                              • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 009D71EA
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00999339: BeginPath.GDI32(00000000), ref: 00999357
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3050599898-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 071df920a95f11dcfe74ecb90467ccc33cda28feb8898b4296bc32bd4487dfa6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d9b6006f3f77405cd083eef74be73082a216968b91dee4b9826c029ee2931d13
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 071df920a95f11dcfe74ecb90467ccc33cda28feb8898b4296bc32bd4487dfa6
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0241B070148300EFDB21DFA8CC85FBA7BA8FB46321F04462DF965872A1D7319846DB61
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,000001F5), ref: 009F080C
                                                                                                                                                                                                                                                                                                                                                                              • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 009F0847
                                                                                                                                                                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 009F0863
• LeaveCriticalSection.KERNEL32(?), ref: 009F08DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 009F08F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 009F0921
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: c9187c888cfc8cffa513b91f6ea9e9b82eae0e30b14e93489623a2aba9e88ae8
• Instruction ID: 91bd66663744f41efdf8114728468a3260a4edf7e685d669e51da044c1f709de
• Opcode Fuzzy Hash: c9187c888cfc8cffa513b91f6ea9e9b82eae0e30b14e93489623a2aba9e88ae8
• Instruction Fuzzy Hash: 9B417E75900209EBDF14EF94DC85AAAB778FF84310F1480A5ED04DA297D731DE65DBA0
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,009DF3AB,00000000,?,?,00000000,?,009D682C,00000004,00000000,00000000), ref: 00A1824C
• EnableWindow.USER32(?,00000000), ref: 00A18272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 00A182D1
• ShowWindow.USER32(?,00000004), ref: 00A182E5
• EnableWindow.USER32(?,00000001), ref: 00A1830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00A1832F
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: ea339cb9d5eba2b5ff12668dd538dae7694a4cac9b36a17fac6075cccecc8d6b
• Instruction ID: d3d0fc99407b814db5f520a4259970dca515a52db2f61ee2454d100b8ceee6a6
• Opcode Fuzzy Hash: ea339cb9d5eba2b5ff12668dd538dae7694a4cac9b36a17fac6075cccecc8d6b
• Instruction Fuzzy Hash: A041E474601640EFDB22CF54D899BE47BE1FB0A715F1841A8F5684F2B2CB79AC82CB40
APIs
• IsWindowVisible.USER32(?), ref: 009E4C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 009E4CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 009E4CEA
• _wcslen.LIBCMT ref: 009E4D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 009E4D10
• _wcsstr.LIBVCRUNTIME ref: 009E4D1A
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
• Opcode ID: 19fa7dbdd446d6578690ad76fdeff1262cdc0f56f68c072e06cca4e53493f798
• Instruction ID: 8bddacc791c9fc6602e0e2155d973fd820728c588c14281c5f787621052be760
• Opcode Fuzzy Hash: 19fa7dbdd446d6578690ad76fdeff1262cdc0f56f68c072e06cca4e53493f798
• Instruction Fuzzy Hash: A7210B32204240BBEB169B7ADC49F7B7B9DDF85760F108039F805CB192DA65DC41D6A0
APIs
• Part of subcall function 00983AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00983A97,?,?,00982E7F,?,?,?,00000000), ref: 00983AC2
• _wcslen.LIBCMT ref: 009F587B
• CoInitialize.OLE32(00000000), ref: 009F5995
• CoCreateInstance.OLE32(00A1FCF8,00000000,00000001,00A1FB68,?), ref: 009F59AE
• CoUninitialize.OLE32 ref: 009F59CC
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: b380d2dfa66a78926018c132cf36daad4ca1c6f547dfb75fc73e580d684f8df7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 315d41df2f9925f73e7793fba7b7149b9ebda278855efdabc61f8b8aca2f8672
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b380d2dfa66a78926018c132cf36daad4ca1c6f547dfb75fc73e580d684f8df7
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07D173746087059FC714EF24C480A2ABBE5FF89724F15885DFA8A9B361DB31EC45CB92
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 009E0FCA
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 009E0FD6
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 009E0FE5
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 009E0FEC
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 009E1002
                                                                                                                                                                                                                                                                                                                                                                              • GetLengthSid.ADVAPI32(?,00000000,009E1335), ref: 009E17AE
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000000), ref: 009E17BA
                                                                                                                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 009E17C1
                                                                                                                                                                                                                                                                                                                                                                              • CopySid.ADVAPI32(00000000,00000000,?), ref: 009E17DA
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,009E1335), ref: 009E17EE
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 009E17F5
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7f9aeb8540410c15b8a7c15b034fb5f5531b18f1f7b73f0d706450d93e8ce9ff
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 80d82af0dcaaadfce70bf18b9c1b5fae51903ff6a236d2d0fe2632689ae44bda
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f9aeb8540410c15b8a7c15b034fb5f5531b18f1f7b73f0d706450d93e8ce9ff
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E811A932680205FFDB11DFA5CC49BAE7BB9EB45765F108518F881A7210C736AD41CB60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 009E14FF
                                                                                                                                                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 009E1506
                                                                                                                                                                                                                                                                                                                                                                              • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 009E1515
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000004), ref: 009E1520
                                                                                                                                                                                                                                                                                                                                                                              • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 009E154F
                                                                                                                                                                                                                                                                                                                                                                              • DestroyEnvironmentBlock.USERENV(00000000), ref: 009E1563
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1413079979-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a6d93b50bce6b301ea5cdf4311d76a8f813e3b0f6e33a6f2b8a6d7f776d4f54e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: eb0869a5abb2df8e6db171849d2700f9edf70d7590963d7fd2baaea6826015d8
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6d93b50bce6b301ea5cdf4311d76a8f813e3b0f6e33a6f2b8a6d7f776d4f54e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20115672600249ABDF12CFE8DD49BDE7BADEF48714F048024FA05A61A0D375CE61DB60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,009A3379,009A2FE5), ref: 009A3390
                                                                                                                                                                                                                                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 009A339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 009A33B7
• SetLastError.KERNEL32(00000000,?,009A3379,009A2FE5), ref: 009A3409
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: b5cee7e99c6ff4d56f25662e106d252d6a0f92785259344a8c2ff3bf4cd24f01
• Instruction ID: 7b2da55b6b931b0eb283013fee50de442cb0a4d9b20026373c8e38ecaee1211b
• Opcode Fuzzy Hash: b5cee7e99c6ff4d56f25662e106d252d6a0f92785259344a8c2ff3bf4cd24f01
• Instruction Fuzzy Hash: 7801473B60E711BEEA6427F47C866672A98EBC7379320C229F424841F0FF124D0251C4
APIs
• GetLastError.KERNEL32(?,?,009B5686,009C3CD6,?,00000000,?,009B5B6A,?,?,?,?,?,009AE6D1,?,00A48A48), ref: 009B2D78
• _free.LIBCMT ref: 009B2DAB
• _free.LIBCMT ref: 009B2DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,009AE6D1,?,00A48A48,00000010,00984F4A,?,?,00000000,009C3CD6), ref: 009B2DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,009AE6D1,?,00A48A48,00000010,00984F4A,?,?,00000000,009C3CD6), ref: 009B2DEC
• _abort.LIBCMT ref: 009B2DF2
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: 5bf8c82b4063843cf2084ec2a5944083f3209c28d30ea6f554671c51cde8121e
• Instruction ID: 09a4c3b3ac414140596bae410b8dea89ffea559cb35377e5ef90ae152a5d5425
• Opcode Fuzzy Hash: 5bf8c82b4063843cf2084ec2a5944083f3209c28d30ea6f554671c51cde8121e
• Instruction Fuzzy Hash: 48F0C83654561037C612B778BF0AFDA265DFFC67B1F258918F838961D6EE2488025160
APIs
  • Part of subcall function 00999639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00999693
  • Part of subcall function 00999639: SelectObject.GDI32(?,00000000), ref: 009996A2
  • Part of subcall function 00999639: BeginPath.GDI32(?), ref: 009996B9
  • Part of subcall function 00999639: SelectObject.GDI32(?,00000000), ref: 009996E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00A18A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00A18A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00A18A70
• LineTo.GDI32(?,00000000,00000003), ref: 00A18A80
• EndPath.GDI32(?), ref: 00A18A90
• StrokePath.GDI32(?), ref: 00A18AA0
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: 31bb3d34c06db57f0d131c134b2ab34f52f7473d31c5ac524131bf7dd630dd49
• Instruction ID: d8bc53f8bf733eb55d79d58527e808d3ad25b64b97dbde0fa7c1f9f85dac8baa
• Opcode Fuzzy Hash: 31bb3d34c06db57f0d131c134b2ab34f52f7473d31c5ac524131bf7dd630dd49
• Instruction Fuzzy Hash: 5D11B776040109FFDB129F94EC88EEA7F6DEB083A4F04C052FA199A1A1C7719D56DBA0
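Listings like the ones above are emitted for every function the IDA plugin recovers, so a triage pass usually needs to separate compiler and runtime idioms (the CRT GetLastError/SetLastError bracket around _free shown above, the GDI BeginPath/EndPath/StrokePath drawing sequence, and the GetDC/GetDeviceCaps(0x58, 0x5A)/ReleaseDC screen-DPI query that also appears in this report; 0x58 and 0x5A are LOGPIXELSX and LOGPIXELSY) from behaviour worth reading by hand. The following is an added example and not Joe Sandbox tooling: a small Python parser for this listing format plus a few analyst-defined idiom tags. The tag names and the `SAMPLE` text (trimmed copies of entries from this page) are the example's own.

```python
"""Parse Joe Sandbox per-function API listings and tag common runtime idioms.

Added triage helper, not Joe Sandbox code. SAMPLE is trimmed from entries on
this page; the idiom tag names are this example's own conventions.
"""
import re
from dataclasses import dataclass, field

# "• [Part of subcall function X: ]Name.MODULE(args), ref: ADDR"  (args optional)
CALL_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)"
)
KV_RE = re.compile(r"•\s*(?P<key>Opcode ID|Instruction Fuzzy Hash|Source File):\s*(?P<val>[^\s,]+)")
LOGPIXELSX, LOGPIXELSY = 0x58, 0x5A  # GetDeviceCaps indices used for DPI queries

@dataclass
class Call:
    name: str
    module: str
    args: list
    ref: str
    subcall_of: str = ""  # set when listed as "Part of subcall function X"

@dataclass
class Entry:
    calls: list = field(default_factory=list)
    opcode_id: str = ""
    fuzzy_hash: str = ""
    source: str = ""

def hexarg(a):
    """Listing arguments are hex ('00000058', '-00000002'); '?' means unknown."""
    try:
        return int(a, 16)
    except ValueError:
        return None

def parse_listing(text):
    """Each 'APIs' line opens a new Entry; later bullet lines fill it in."""
    entries, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if s == "APIs":
            cur = Entry()
            entries.append(cur)
            continue
        if cur is None:
            continue
        m = CALL_RE.search(s)
        if m:
            args = [a for a in (m.group("args") or "").split(",") if a]
            cur.calls.append(Call(m.group("name"), m.group("module"), args,
                                  m.group("ref"), m.group("sub") or ""))
            continue
        m = KV_RE.search(s)
        if m:
            attr = {"Opcode ID": "opcode_id", "Instruction Fuzzy Hash": "fuzzy_hash",
                    "Source File": "source"}[m.group("key")]
            setattr(cur, attr, m.group("val"))
    return entries

def tag_idioms(entry):
    """Tag runtime/library idioms so they can be filtered out of a triage pass."""
    own = [c for c in entry.calls if not c.subcall_of]
    names = [c.name for c in own]
    everything = {c.name for c in entry.calls}
    tags = set()
    # CRT errno preservation: GetLastError ... SetLastError with only CRT helpers between.
    if "GetLastError" in names and "SetLastError" in names:
        first = names.index("GetLastError")
        last = len(names) - 1 - names[::-1].index("SetLastError")
        if first < last and all(n.startswith("_") or n == "SetLastError" for n in names[first + 1:last]):
            tags.add("crt-errno-preserve")
    # GDI path construction and stroke: drawing, not I/O (subcalls count here).
    if {"BeginPath", "EndPath", "StrokePath"} <= everything:
        tags.add("gdi-path-stroke")
    # Screen DPI query: GetDC / GetDeviceCaps(LOGPIXELSX|LOGPIXELSY) / ReleaseDC.
    caps = {hexarg(c.args[1]) for c in own if c.name == "GetDeviceCaps" and len(c.args) > 1}
    if caps & {LOGPIXELSX, LOGPIXELSY} and {"GetDC", "ReleaseDC"} <= set(names):
        tags.add("dpi-query")
    return tags

def triage(text):
    """(first ref, sorted tags, opcode id) per entry; untagged entries deserve a look."""
    return [(e.calls[0].ref if e.calls else "", sorted(tag_idioms(e)), e.opcode_id)
            for e in parse_listing(text)]

SAMPLE = """APIs
• GetLastError.KERNEL32(?,?,009B5686,009C3CD6), ref: 009B2D78
• _free.LIBCMT ref: 009B2DAB
• _free.LIBCMT ref: 009B2DD3
• SetLastError.KERNEL32(00000000,?,?,?), ref: 009B2DE0
• SetLastError.KERNEL32(00000000,?,?,?), ref: 009B2DEC
• _abort.LIBCMT ref: 009B2DF2
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Similarity
• Opcode ID: 5bf8c82b4063843cf2084ec2a5944083f3209c28d30ea6f554671c51cde8121e
• Instruction Fuzzy Hash: 48F0C83654561037C612B778BF0AFDA265DFFC67B1F258918F838961D6EE2488025160
APIs
  • Part of subcall function 00999639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00999693
  • Part of subcall function 00999639: SelectObject.GDI32(?,00000000), ref: 009996A2
  • Part of subcall function 00999639: BeginPath.GDI32(?), ref: 009996B9
  • Part of subcall function 00999639: SelectObject.GDI32(?,00000000), ref: 009996E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00A18A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00A18A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00A18A70
• LineTo.GDI32(?,00000000,00000003), ref: 00A18A80
• EndPath.GDI32(?), ref: 00A18A90
• StrokePath.GDI32(?), ref: 00A18AA0
Similarity
• Opcode ID: 31bb3d34c06db57f0d131c134b2ab34f52f7473d31c5ac524131bf7dd630dd49
APIs
• GetDC.USER32(00000000), ref: 009E5218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 009E5229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 009E5230
• ReleaseDC.USER32(00000000,00000000), ref: 009E5238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 009E524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 009E5261
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
```

Run against a full export, the entries left without a tag are the ones to open in the disassembler first; the Opcode ID carried through by `triage` is the key to use when the same function body turns up in another sample's report. Tags are deliberately conservative: the errno check requires the GetLastError/SetLastError pair to bracket nothing but CRT-internal helpers, so a function that calls a real Win32 API in between is not filtered out.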
APIs
• GetDC.USER32(00000000), ref: 009E5218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 009E5229
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 009E5230
• ReleaseDC.USER32(00000000,00000000), ref: 009E5238
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 009E524F
• MulDiv.KERNEL32(000009EC,00000001,?), ref: 009E5261
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e0d9158b1ec5c1e08b0cb468ac51d06f1223e39691a01670f501741139678051
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 21924f67b244b368b090e3d01486e4a279adc0a6f300794d23a5a90d0db233a9
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e0d9158b1ec5c1e08b0cb468ac51d06f1223e39691a01670f501741139678051
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2014475A40754BBEB109BE69C49B9EBF78EB48761F048065FA05A7381D6709D01CB60
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00981BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00981BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00981C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00981C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00981C1A
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00981C22
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Virtual
• String ID:
• API String ID: 4278518827-0
• Opcode ID: b8949b950cd8dfd29f14e3a0f629a34ab935eab54f674daf03fae32ff73fa861
• Instruction ID: 23cc2df4ebed77ac28f1ed4a923a76d006a807a9f7d32275869e0fefc23000d1
• Opcode Fuzzy Hash: b8949b950cd8dfd29f14e3a0f629a34ab935eab54f674daf03fae32ff73fa861
• Instruction Fuzzy Hash: F60167B0942B5ABDE3008F6A8C85B52FFA8FF19354F00411BA15C4BA42C7F5A864CBE5
APIs
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 009EEB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 009EEB46
• GetWindowThreadProcessId.USER32(?,?), ref: 009EEB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 009EEB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 009EEB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 009EEB75
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
• String ID:
• API String ID: 839392675-0
• Opcode ID: d01ef836aaea3b1bdaa5e67475f2430a9d80ea398e3fc6c9c4fb535fdf136dc4
• Instruction ID: 6640f220f57d0be27e8f568e91236d92b5297deeb0cef6694a1c82884508e171
• Opcode Fuzzy Hash: d01ef836aaea3b1bdaa5e67475f2430a9d80ea398e3fc6c9c4fb535fdf136dc4
• Instruction Fuzzy Hash: 6AF03072580168BBE72197929C0DEEF7A7CEFCAB21F008158F611D1091D7A45A02C6B5
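The record above (009EEB30 to 009EEB75) is the shape of a forced window-kill routine: post WM_CLOSE (0x10) to a window, re-send it with SendMessageTimeoutW (flag 0x2 = SMTO_ABORTIFHUNG, timeout 0x1F4 = 500 ms), resolve the owning process with GetWindowThreadProcessId, open it with 0x1F0FFF (PROCESS_ALL_ACCESS as defined by SDKs targeting pre-Vista Windows) and call TerminateProcess. The MapVirtualKeyW record before it maps the modifier keys VK_LWIN, VK_SHIFT, VK_LSHIFT, VK_RSHIFT, VK_CONTROL and VK_MENU to scan codes. The Python decoder below is an added example written for this page, not code from Joe Sandbox or from the sample: it parses "APIs" lines in the report's own format, names the Win32 constants it recognises (standard WinUser.h and WinNT.h values), truncates each argument list to the API's documented parameter count (Joe Sandbox prints stack slots past the real parameters, which is why the OpenProcess line shows sixteen entries) and labels the close-then-terminate chain. The ARITY table and the pattern labels in classify() are the example's own assumptions; the sample input is the six lines of the record above.

```python
"""Decode Joe Sandbox "APIs" listings (Call.MODULE(args), ref: addr) into
readable Win32 semantics.  Added example for this page; not Joe Sandbox code.
Constant values are standard Win32 definitions; ARITY and the labels returned
by classify() are this example's own assumptions."""
import re
from typing import Dict, List, Optional

# Constructed input: the six lines of the 009EEB30 record, copied from the report.
SAMPLE = """
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 009EEB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 009EEB46
• GetWindowThreadProcessId.USER32(?,?), ref: 009EEB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 009EEB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 009EEB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 009EEB75
"""

API_LINE = re.compile(
    r"^\s*(?:•\s*)?(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Documented parameter counts (assumption: slots beyond the arity are stack
# residue printed by the sandbox, not arguments of the call).
ARITY = {
    "PostMessageW": 4, "SendMessageTimeoutW": 7, "GetWindowThreadProcessId": 2,
    "OpenProcess": 3, "TerminateProcess": 2, "CloseHandle": 1,
    "MapVirtualKeyW": 2, "GetSysColor": 1,
}

WM_CLOSE = 0x0010
# (api, parameter index) -> {value: name}.  Standard Win32 constants; 0x1F0FFF is
# PROCESS_ALL_ACCESS as defined by SDKs targeting pre-Vista Windows (newer headers: 0x1FFFFF).
VK = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
      0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}
NAMES = {
    ("PostMessageW", 1): {WM_CLOSE: "WM_CLOSE"},
    ("SendMessageTimeoutW", 1): {WM_CLOSE: "WM_CLOSE"},
    ("SendMessageTimeoutW", 4): {0x0002: "SMTO_ABORTIFHUNG"},
    ("OpenProcess", 0): {0x001F0FFF: "PROCESS_ALL_ACCESS"},
    ("MapVirtualKeyW", 0): VK,
    ("MapVirtualKeyW", 1): {0: "MAPVK_VK_TO_VSC"},
    ("GetSysColor", 0): {5: "COLOR_WINDOW"},
}
MILLIS = {("SendMessageTimeoutW", 5)}  # uTimeout parameter, in milliseconds


def parse_call(line: str) -> Optional[Dict]:
    """One 'APIs' line -> {api, module, args, ref}; None for any other line."""
    m = API_LINE.match(line)
    if not m:
        return None
    raw = [a.strip() for a in m["args"].split(",")] if m["args"].strip() else []
    args = [None if a == "?" else int(a, 16) for a in raw]  # '?' = unknown at dump time
    api = m["api"]
    if api in ARITY:
        args = args[:ARITY[api]]
    return {"api": api, "module": m["mod"], "args": args, "ref": int(m["ref"], 16)}


def parse_calls(text: str) -> List[Dict]:
    return [c for c in (parse_call(l) for l in text.splitlines()) if c]


def decode_args(call: Dict) -> List[str]:
    """Render each argument as hex plus a symbolic name when one is known."""
    out = []
    for i, a in enumerate(call["args"]):
        if a is None:
            out.append("?")
        elif (call["api"], i) in MILLIS:
            out.append(f"{a} ms")
        else:
            name = NAMES.get((call["api"], i), {}).get(a)
            out.append(f"0x{a:X}" + (f" ({name})" if name else ""))
    return out


def classify(calls: List[Dict]) -> str:
    """Label the chain.  'close-then-terminate': WM_CLOSE is sent to a window and
    the owning process is then opened and terminated (assumed shape of a forced
    window kill).  'modifier-key-scancode-table': only MapVirtualKeyW calls."""
    apis = [c["api"] for c in calls]
    sends_close = any(
        c["api"] in ("PostMessageW", "SendMessageW", "SendMessageTimeoutW")
        and len(c["args"]) > 1 and c["args"][1] == WM_CLOSE for c in calls)
    if sends_close and "OpenProcess" in apis and "TerminateProcess" in apis:
        return "close-then-terminate"
    if apis and all(a == "MapVirtualKeyW" for a in apis):
        return "modifier-key-scancode-table"
    return "unclassified"


if __name__ == "__main__":
    calls = parse_calls(SAMPLE)
    for c in calls:
        print(f"{c['ref']:08X}  {c['api']}({', '.join(decode_args(c))})")
    print("pattern:", classify(calls))
```

Run it on any "APIs" record copied out of the report; unknown constants stay as plain hex (for instance the 0x1328 message in the GetClientRect record below is left undecoded rather than guessed), and lines that are not API calls are skipped.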
APIs
• GetClientRect.USER32(?), ref: 009D7452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 009D7469
• GetWindowDC.USER32(?), ref: 009D7475
• GetPixel.GDI32(00000000,?,?), ref: 009D7484
• ReleaseDC.USER32(?,00000000), ref: 009D7496
• GetSysColor.USER32(00000005), ref: 009D74B0
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 272304278-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 888de3397135960ee93373be4eaa17c6728c3a5c4f685f20a9924b1823b0b74d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c1f60584c6e95b32ce7ce245c6dfee37cc4eaf61d3a49327cb0ce7440273048f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 888de3397135960ee93373be4eaa17c6728c3a5c4f685f20a9924b1823b0b74d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E2018631480215EFEB519FE4DC08BEABBB6FB04321F608164F926A21B0DB311E42EB10
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 009E187F
                                                                                                                                                                                                                                                                                                                                                                              • UnloadUserProfile.USERENV(?,?), ref: 009E188B
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 009E1894
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 009E189C
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 009E18A5
                                                                                                                                                                                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 009E18AC
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 146765662-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1010cd47f26430decf6f349a55c75e4fd6822acca11fc3872f9c0849eae6a532
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7d4ec8b9a63bff75ecf371b985e42ab7378006f728694f66834d1ba8b3ec4b28
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1010cd47f26430decf6f349a55c75e4fd6822acca11fc3872f9c0849eae6a532
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7E0C236484211BBDA019BE1ED0C98ABB2AFB49B32B10C220F225850B0CB729422DB50
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00987620: _wcslen.LIBCMT ref: 00987625
                                                                                                                                                                                                                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 009EC6EE
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 009EC735
                                                                                                                                                                                                                                                                                                                                                                              • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 009EC79C
                                                                                                                                                                                                                                                                                                                                                                              • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 009EC7CA
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1227352736-4108050209
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4fe78113e7f569bb02e7c47bcd680f3c04ce7dda1d8c63a766786a992247a628
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 50962fb087d67a4925969b633f5a19eda0cf4d512f61b05388bd9c740e829a7e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4fe78113e7f569bb02e7c47bcd680f3c04ce7dda1d8c63a766786a992247a628
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A151D1B16043819BD712DF2AC885B6BB7E8AF8A710F040A2DF9D5D3290DB75DC46CB52
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ShellExecuteExW.SHELL32(0000003C), ref: 00A0AEA3
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00987620: _wcslen.LIBCMT ref: 00987625
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessId.KERNEL32(00000000), ref: 00A0AF38
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00A0AF67
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
• Opcode ID: baca742a82b9317962c55874d4754167a4b38311923b39714171588cf8d3aa98
• Instruction ID: e3c1a4245c796216ffdbe8175ce3918ec1761c546dc7c6dd3fabad1c9da7e8f4
• Opcode Fuzzy Hash: baca742a82b9317962c55874d4754167a4b38311923b39714171588cf8d3aa98
• Instruction Fuzzy Hash: 8E717A71A00619DFCB14EF94D484A9EBBF0FF48314F148499E856AB792CB74ED41CBA1
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 009E7206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 009E723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 009E724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 009E72CF
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• API String ID: 753597075-1075368562
• Opcode ID: 431bae32f41b19910e114e504401bdc6d3e1f8bc98130d614c9a6993f5d3af6a
• Instruction ID: ffe6bb2dceeb4f85c9367f64d46af19dd960f7850a4efd5e2018eff283ead365
• Opcode Fuzzy Hash: 431bae32f41b19910e114e504401bdc6d3e1f8bc98130d614c9a6993f5d3af6a
• Instruction Fuzzy Hash: A4419F71A04245EFDB16CF95C884B9ABBA9EF84310F1484A9BE059F30AD7B0DD41CBA1
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00A13E35
• IsMenu.USER32(?), ref: 00A13E4A
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00A13E92
• DrawMenuBar.USER32 ref: 00A13EA5
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
• Opcode ID: 6ffd1b1a5a7399df1c548e77d4f4d796e38ab529fec2405dbb235a2d6292ca7c
• Instruction ID: 255c8f923a0bcb07e14885aacaab8611df78da46c6428823e964c89856f92669
• Opcode Fuzzy Hash: 6ffd1b1a5a7399df1c548e77d4f4d796e38ab529fec2405dbb235a2d6292ca7c
• Instruction Fuzzy Hash: 77410876A01309EFDF10DF94D884AEABBF9FF49364F044129E915A7290D730AE95CB50
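The function records above are what an analyst usually wants in machine-readable form: which APIs a function calls directly versus through a subcall, which names it resolves with GetProcAddress (here DllGetClassObject, the manual COM-loading path behind the CoCreateInstance record), and the Opcode ID and fuzzy hashes that let one function be matched across samples. The parser below is an added example, not Joe Sandbox code or the AutoIt runtime's; it assumes the record layout visible on this page (an "APIs" line opens a record, followed by Strings, Memory Dump Source, Joe Sandbox IDA Plugin and Similarity blocks, each entry prefixed with "•"), the input is constructed from the records on this page, and the SendMessage constants come from winuser.h. Resolving the uMsg values in the ListBox/ComboBox record to LB_GETCURSEL, LB_GETTEXTLEN and LB_GETTEXT is the kind of enrichment that turns a raw call list into "reads the currently selected item of a list box".

```python
"""Parse Joe Sandbox function records (APIs / Similarity blocks) into structured data.

Added example, not Joe Sandbox code.  Input below is constructed from records on
this page; the layout assumed is the one visible there.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# winuser.h message numbers for the list-box / combo-box selection APIs seen on the page.
MSG_NAMES = {
    0x0188: "LB_GETCURSEL", 0x0189: "LB_GETTEXT", 0x018A: "LB_GETTEXTLEN",
    0x0147: "CB_GETCURSEL", 0x0148: "CB_GETLBTEXT", 0x0149: "CB_GETLBTEXTLEN",
}
SECTION_HEADERS = {"Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# "Name.MODULE(args), ref: ADDR" or "Name.MODULE ref: ADDR", optionally prefixed with
# "Part of subcall function ADDR: " for calls made one level down.
API_LINE = re.compile(
    r"^(?:Part of subcall function (?P<subaddr>[0-9A-F]+): )?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<ref>[0-9A-F]+)$"
)


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: str
    subcall_of: Optional[str] = None  # address of the callee when reported via a subcall


@dataclass
class FunctionRecord:
    apis: list[ApiCall] = field(default_factory=list)
    strings: list[str] = field(default_factory=list)
    meta: dict[str, list[str]] = field(default_factory=dict)  # Similarity / dump metadata


def parse_blocks(text: str) -> list[FunctionRecord]:
    """Split the report text into one FunctionRecord per 'APIs' block."""
    records: list[FunctionRecord] = []
    cur: Optional[FunctionRecord] = None
    section = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if line == "APIs":
            cur = FunctionRecord()
            records.append(cur)
            section = "APIs"
            continue
        if cur is None:  # fragment that starts mid-record, as this page does
            cur = FunctionRecord()
            records.append(cur)
        if line in SECTION_HEADERS:
            section = line
            continue
        if section == "APIs":
            m = API_LINE.match(line)
            if m:
                args = [a.strip() for a in m["args"].split(",")] if m["args"] is not None else []
                cur.apis.append(ApiCall(m["name"], m["module"], args, m["ref"], m["subaddr"]))
        elif section == "Strings":
            cur.strings.append(line)
        else:
            key, sep, value = line.partition(":")
            if sep:
                cur.meta.setdefault(key.strip(), []).append(value.strip())
    return records


def direct_calls(rec: FunctionRecord) -> list[str]:
    """API names the function calls itself, excluding subcall entries."""
    return [f"{c.name}.{c.module}" for c in rec.apis if c.subcall_of is None]


def resolved_imports(rec: FunctionRecord) -> list[str]:
    """Export names passed to GetProcAddress as literals: dynamically resolved APIs."""
    return [c.args[1] for c in rec.apis
            if c.name == "GetProcAddress" and len(c.args) > 1 and c.args[1] != "?"]


def send_message_names(rec: FunctionRecord) -> list[str]:
    """Resolve the uMsg argument of each SendMessage* call to its winuser.h name."""
    out = []
    for c in rec.apis:
        if c.name.startswith("SendMessage") and len(c.args) > 1 and c.args[1] != "?":
            msg = int(c.args[1], 16)
            out.append(MSG_NAMES.get(msg, f"0x{msg:04X}"))
    return out


# Constructed from two records on this page (COM loader and list-box reader).
SAMPLE = """\
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 009E7206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 009E723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 009E724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 009E72CF
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Similarity
• API ID: ErrorMode$AddressCreateInstanceProc
• String ID: DllGetClassObject
• Opcode ID: 431bae32f41b19910e114e504401bdc6d3e1f8bc98130d614c9a6993f5d3af6a
APIs
  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
  • Part of subcall function 009E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 009E3CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 009E1E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 009E1E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 009E1EA9
  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
"""

if __name__ == "__main__":
    for rec in parse_blocks(SAMPLE):
        print(rec.meta.get("API ID"), direct_calls(rec), resolved_imports(rec), send_message_names(rec))
```

Feed it the text of a whole report section and group records by Opcode ID or Opcode Fuzzy Hash to find the same runtime function in other AutoIt-compiled samples; the fuzzy hash, unlike the exact Instruction ID, tolerates relocation and minor recompilation differences.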
APIs
  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
  • Part of subcall function 009E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 009E3CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 009E1E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 009E1E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 009E1EA9
  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
• Opcode ID: 1cf04d5ddb841baff2f7e50670f8337326366bddce59d74acae25783cdfdaaf5
• Instruction ID: 9c35b9785022131bdc066f452b709da80fc24ec81b2267871b08de4a0eeea1dd
• Opcode Fuzzy Hash: 1cf04d5ddb841baff2f7e50670f8337326366bddce59d74acae25783cdfdaaf5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5212371A00144BFDB15ABB5CC49EFFB7B9EF85360B148519F826A72E1DB384D0A8720
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00A12F8D
                                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryW.KERNEL32(?), ref: 00A12F94
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00A12FA9
                                                                                                                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(?), ref: 00A12FB1
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 67540b6390a2d64f7d92c9896b7975764ab0ddb83de6898268355cf1a30f665d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6651d5ce17af9d2f938a8370f4994ad32f53ad0f2155e8a3670f7111ffbee7c6
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67540b6390a2d64f7d92c9896b7975764ab0ddb83de6898268355cf1a30f665d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16218C71204209ABEB209FA4DC84FFB77BDEB99364F104618F950D6190D771DCB29760
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,009A4D1E,009B28E9,?,009A4CBE,009B28E9,00A488B8,0000000C,009A4E15,009B28E9,00000002), ref: 009A4D8D
                                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 009A4DA0
                                                                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,009A4D1E,009B28E9,?,009A4CBE,009B28E9,00A488B8,0000000C,009A4E15,009B28E9,00000002,00000000), ref: 009A4DC3
                                                                                                                                                                                                                                                                                                                                                                              Strings
Similarity
• API ID: AddressFreeHandleLibraryModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 4061214504-1276376045
• Opcode ID: a92e5c82566d96527eab7dd5e3b43919713edcf74edc9c19bd73acdf8fc562da
• Instruction ID: 8416ef6afd8f6a5751c30f5cbe3dd7f4a01c6a3b7c20766a14ce29588e079991
• Opcode Fuzzy Hash: a92e5c82566d96527eab7dd5e3b43919713edcf74edc9c19bd73acdf8fc562da
• Instruction Fuzzy Hash: 8AF04435580218BBDB119F94DC49BDDBBB9EF85761F044164F805A6190CB759941CAD0
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00984EDD,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984E9C
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00984EAE
• FreeLibrary.KERNEL32(00000000,?,?,00984EDD,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984EC0
Strings
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 81612ea1894030b9bcc87f831065e64b07fc697b6584aed6e2aa41268b745ce8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 7feee1776254bbd97b3258ecd9e5fbda593bd3c39ed662de898b4a61f624d7a8
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 81612ea1894030b9bcc87f831065e64b07fc697b6584aed6e2aa41268b745ce8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1E0CD36AC55237BD2316B656C18B9F665CBFC1F737054215FC00E2301DB64CD0241A1
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,009C3CDE,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00984E74
• FreeLibrary.KERNEL32(00000000,?,?,009C3CDE,?,00A51418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00984E87
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
• Opcode ID: c264ab2363bf0889ea0f13abf060f5ef0ab5e83c53bab4e55b02980419319f29
• Instruction ID: 94f03d3eb1c7e41a45f8e96f72439a544d6ef83d9bcd6769ec6bef958f9dc66c
• Opcode Fuzzy Hash: c264ab2363bf0889ea0f13abf060f5ef0ab5e83c53bab4e55b02980419319f29
• Instruction Fuzzy Hash: 45D0C23658262277CA222B247C08DCB2A1CBF81F313054610B801E2211CF24CD0282D1
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 009F2C05
• DeleteFileW.KERNEL32(?), ref: 009F2C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 009F2C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 009F2CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 009F2CC0
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
• Opcode ID: 5c216aab94f3f74a3ac801a5e0c4501f64b11fd384ddf6afbc820d910d7df554
• Instruction ID: db5c590cd4916086a1736d80a31349c064743f4d84c39ad3e7cb769c71c23f54
• Opcode Fuzzy Hash: 5c216aab94f3f74a3ac801a5e0c4501f64b11fd384ddf6afbc820d910d7df554
• Instruction Fuzzy Hash: D1B12D7290111DABDF11EFA4CC85FEEBB7DEF89350F1040A6F609E6151EA349A448BA1
APIs
• GetCurrentProcessId.KERNEL32 ref: 00A0A427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00A0A435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 00A0A468
• CloseHandle.KERNEL32(?), ref: 00A0A63D
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: cd35611ca750a915ac705a556a0868e2147bef83e9564fb430f2ad9756fe2f69
• Instruction ID: 9aa4aca7a4f40219e1507c68bc0a2f018ee050ba711fa84e0bd599e90e4ab2e1
• Opcode Fuzzy Hash: cd35611ca750a915ac705a556a0868e2147bef83e9564fb430f2ad9756fe2f69
• Instruction Fuzzy Hash: F9A19271604300AFE720EF28D886F2AB7E5AF94714F14885DF55A9B3D2D771EC418B92
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00A23700), ref: 009BBB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,00A5121C,000000FF,00000000,0000003F,00000000,?,?), ref: 009BBC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00A51270,000000FF,?,0000003F,00000000,?), ref: 009BBC36
• _free.LIBCMT ref: 009BBB7F
  • Part of subcall function 009B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000), ref: 009B29DE
  • Part of subcall function 009B29C8: GetLastError.KERNEL32(00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000,00000000), ref: 009B29F0
• _free.LIBCMT ref: 009BBD4B
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1286116820-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 1a22c7714591324b679586ec0149972ae83a058e6af34f1d8a278852cf17b95e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 656fb93c5572270a6a53aa9887b4080418459e772338b726823a121732755ef9
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a22c7714591324b679586ec0149972ae83a058e6af34f1d8a278852cf17b95e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C51A671900219AFCB10DFA99E81AFEBBBCFB81770F10466AE554D71D1EBB09E418B50
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009EDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,009ECF22,?), ref: 009EDDFD
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009EDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,009ECF22,?), ref: 009EDE16
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009EE199: GetFileAttributesW.KERNEL32(?,009ECF95), ref: 009EE19A
                                                                                                                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,?), ref: 009EE473
                                                                                                                                                                                                                                                                                                                                                                              • MoveFileW.KERNEL32(?,?), ref: 009EE4AC
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 009EE5EB
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 009EE603
                                                                                                                                                                                                                                                                                                                                                                              • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 009EE650
Similarity
• API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
• String ID:
• API String ID: 3183298772-0
• Opcode ID: cb0d7f68bb6a755deb66f324332ec5e23cc5cf4e94f684ab9265fd16b46e16cf
• Instruction ID: a1a49416dfc05210d6bf06c00746fc7843c65d70affd13ea63962942e924a75d
• Opcode Fuzzy Hash: cb0d7f68bb6a755deb66f324332ec5e23cc5cf4e94f684ab9265fd16b46e16cf
• Instruction Fuzzy Hash: 165173B24083859BC725EB90DC85AEFB3ECAFC5350F00491EF589D3191EF75A6888766
APIs
  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
  • Part of subcall function 00A0C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00A0B6AE,?,?), ref: 00A0C9B5
  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0C9F1
  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA68
  • Part of subcall function 00A0C998: _wcslen.LIBCMT ref: 00A0CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00A0BAA5
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00A0BB00
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00A0BB63
• RegCloseKey.ADVAPI32(?,?), ref: 00A0BBA6
• RegCloseKey.ADVAPI32(00000000), ref: 00A0BBB3
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: b33d253369d085e47cf5a59a67d1580c2abda32871ecd8189a3fa4e6aeab9842
• Instruction ID: 3e3a2a54f159c52b17b8e6b75dfed78b0db6de24ef2f409a0d4cc4bb404dcdb7
• Opcode Fuzzy Hash: b33d253369d085e47cf5a59a67d1580c2abda32871ecd8189a3fa4e6aeab9842
• Instruction Fuzzy Hash: 0961BF31218205AFD314DF24D590F2ABBE5FF85348F14895CF49A8B2A2DB31ED45CBA2
APIs
• VariantInit.OLEAUT32(?), ref: 009E8BCD
• VariantClear.OLEAUT32 ref: 009E8C3E
• VariantClear.OLEAUT32 ref: 009E8C9D
• VariantClear.OLEAUT32(?), ref: 009E8D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 009E8D3B
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8b1de9c69cd7c85493fbe455cc4b5b6fcb5d4e24aaad0c39c718c11bc03504ad
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9458d7dc6bec4920f1953586f929d6925f41107e424c18d0038c3cb8a2672759
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8b1de9c69cd7c85493fbe455cc4b5b6fcb5d4e24aaad0c39c718c11bc03504ad
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 385178B5A00659EFCB10CFA9C884AAAB7F9FF89310B158559F949DB350E730E911CF90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 009F8BAE
                                                                                                                                                                                                                                                                                                                                                                              • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 009F8BDA
                                                                                                                                                                                                                                                                                                                                                                              • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 009F8C32
                                                                                                                                                                                                                                                                                                                                                                              • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 009F8C57
                                                                                                                                                                                                                                                                                                                                                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 009F8C5F
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: PrivateProfile$SectionWrite$String
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2832842796-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 153cd103fbe589c6a73820b67423624245056eddd0f29a9bc8c8b8eeebe36322
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 99bcf0d2cb9b1d54bea9200ca960cd985a6c0145c6952d4c6f9f26586b6a975a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 153cd103fbe589c6a73820b67423624245056eddd0f29a9bc8c8b8eeebe36322
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9E514035A002199FCB05EF54C881E6EBBF5FF49314F088458E949AB362DB35ED51CBA0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00A08F40
                                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00A08FD0
                                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 00A08FEC
                                                                                                                                                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00A09032
                                                                                                                                                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00A09052
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0099F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,009F1043,?,7644E610), ref: 0099F6E6
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0099F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,009DFA64,00000000,00000000,?,?,009F1043,?,7644E610,?,009DFA64), ref: 0099F70D
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 666041331-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f004a7aa46eba75f4d9f06a569e82fea61e4687f7f93a77591905cab586b96ae
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: b5679399c1e29943a75a4cf9e87693b24a105f893199d441c043e3a907ad754c
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f004a7aa46eba75f4d9f06a569e82fea61e4687f7f93a77591905cab586b96ae
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C514035604209DFC715EF68D4949ADBBF1FF49324B0880A8E8459B7A2DB31ED86CF91
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00A16C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 00A16C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00A16C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,009FAB79,00000000,00000000), ref: 00A16C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00A16CC7
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
APIs
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• GetCursorPos.USER32(?), ref: 00999141
• ScreenToClient.USER32(00000000,?), ref: 0099915E
• GetAsyncKeyState.USER32(00000001), ref: 00999183
• GetAsyncKeyState.USER32(00000002), ref: 0099919D
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
APIs
• GetInputState.USER32 ref: 009F38CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 009F3922
• TranslateMessage.USER32(?), ref: 009F394B
• DispatchMessageW.USER32(?), ref: 009F3955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 009F3966
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9f76264cc2d848c14f0742b5671a3a57272d1f0b436c02b6d40c966dba3fafc8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f652c307c5cdbc0b5386bad92d04bec2c8a85e86b0e6027454a7484105f57d9e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9f76264cc2d848c14f0742b5671a3a57272d1f0b436c02b6d40c966dba3fafc8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FB31F77054434ADEEB35CBB5D848BB637ECAB01351F04856DE662821A0E3FC9AC6CB11
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,009FC21E,00000000), ref: 009FCF38
                                                                                                                                                                                                                                                                                                                                                                              • InternetReadFile.WININET(?,00000000,?,?), ref: 009FCF6F
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000,?,?,?,009FC21E,00000000), ref: 009FCFB4
                                                                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,00000000,?,?,?,009FC21E,00000000), ref: 009FCFC8
                                                                                                                                                                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,?,00000000,?,?,?,009FC21E,00000000), ref: 009FCFF2
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3191363074-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0def0ebd715cf962c1a29e9e4cce50559396dcc6db42e0555a9fbafc47200db8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 00f852fb88fc557f54db8264788b0f856fdfa0bd47b94444168435823011db0f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0def0ebd715cf962c1a29e9e4cce50559396dcc6db42e0555a9fbafc47200db8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2314CB150420DAFDB20DFA5CA84ABBFBFDEB14351B10842EF616D2141DB34AE41DB60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 009E1915
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000001,00000201,00000001), ref: 009E19C1
                                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,?), ref: 009E19C9
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000001,00000202,00000000), ref: 009E19DA
                                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,?,?), ref: 009E19E2
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3382505437-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9b9f30c64515e281a363a8145282481ff444b2395db11c486af02592147b9400
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 17bc8b0c484923f6d39a4726cdbb36ef77b5b87c0e72e61c10770840475d3dba
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b9f30c64515e281a363a8145282481ff444b2395db11c486af02592147b9400
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3831D471900259EFCB00CFA9DD99ADE3BB5FB44325F108225F961A72D2C7709D44CB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00A15745
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001074,?,00000001), ref: 00A1579D
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00A157AF
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00A157BA
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 00A15816
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
• Opcode ID: 2bb0de54c4b2a73ccefe1fe8b1eddcb330aeb984cde1fdec375bd81643d3015e
• Instruction ID: 7c0166f65628e929da0ba22579b15806155c9c6a84e4d753a2e9477b75b42739
• Opcode Fuzzy Hash: 2bb0de54c4b2a73ccefe1fe8b1eddcb330aeb984cde1fdec375bd81643d3015e
• Instruction Fuzzy Hash: 75217171D04618DADB209FB4CC85AEEB7B9FF85724F108616E929EA1C0D77489C5CF90
APIs
• IsWindow.USER32(00000000), ref: 00A00951
• GetForegroundWindow.USER32 ref: 00A00968
• GetDC.USER32(00000000), ref: 00A009A4
• GetPixel.GDI32(00000000,?,00000003), ref: 00A009B0
• ReleaseDC.USER32(00000000,00000003), ref: 00A009E8
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
• Opcode ID: 4b14ff891bfe735bf534665caa7ba94c3bf479a72363bbeb900bf4fb6821b005
• Instruction ID: 88a3685e51a21a0ae63c9892d7b99c484710a27b0602c1f5b8a04bb08fd47452
• Opcode Fuzzy Hash: 4b14ff891bfe735bf534665caa7ba94c3bf479a72363bbeb900bf4fb6821b005
• Instruction Fuzzy Hash: 99218175600204AFD704EFA5D884FAEBBF5EF84750F048068F95A97362CB70AC45CB90
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 009BCDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 009BCDE9
  • Part of subcall function 009B3820: RtlAllocateHeap.NTDLL(00000000,?,00A51444,?,0099FDF5,?,?,0098A976,00000010,00A51440,009813FC,?,009813C6,?,00981129), ref: 009B3852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 009BCE0F
• _free.LIBCMT ref: 009BCE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 009BCE31
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: 1cbc242f205076532fbdb534e59abbbed7aeaaea114bf064c28d872a459ebb71
• Instruction ID: f5398f2c1febbf07e0f1ff8cfde0f8282f95b8159329c5221bd0bfc852d252f4
• Opcode Fuzzy Hash: 1cbc242f205076532fbdb534e59abbbed7aeaaea114bf064c28d872a459ebb71
• Instruction Fuzzy Hash: 6C01A7B2601615BF63215AF66D8CDFBBA6DDEC6FB13154129FD05DB201EA61CD0281B0
APIs
• GetSysColor.USER32(00000008), ref: 009998CC
• SetTextColor.GDI32(?,?), ref: 009998D6
• SetBkMode.GDI32(?,00000001), ref: 009998E9
• GetStockObject.GDI32(00000005), ref: 009998F1
• GetWindowLongW.USER32(?,000000EB), ref: 00999952
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Color$LongModeObjectStockTextWindow
• String ID:
• API String ID: 1860813098-0
• Opcode ID: ecd378060967a8d880973097fd0b35e9f2c52d0354ece0db1ad958aae41aa911
• Instruction ID: 203b8c6403b8627a81f20841fc79157205e9da8fc1b2f84656db6cbf403fbf46
• Opcode Fuzzy Hash: ecd378060967a8d880973097fd0b35e9f2c52d0354ece0db1ad958aae41aa911
• Instruction Fuzzy Hash: 68210431186290AFDF228F7DEC59AE93F68AB13331F18825DF5A24A1A1C7314952CB51
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00999693
• SelectObject.GDI32(?,00000000), ref: 009996A2
• BeginPath.GDI32(?), ref: 009996B9
• SelectObject.GDI32(?,00000000), ref: 009996E2
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3225163088-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2378a7e4114bb2749d39a2c1d6fd798f57fad0b0e8b45d081808b710f874ea1c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1ded7ffd045e6878e8b8ab5e031363400b2194e982298cdebec69817a718d0cd
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2378a7e4114bb2749d39a2c1d6fd798f57fad0b0e8b45d081808b710f874ea1c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E8215E70842305EBDF11DFECEC187F97BA9BB51366F10421AF411A61B0D3759892CB94
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4292aed827180ebca4c7f9e7eb6147a0ca838dc7eadef073f5c85a5cba4ab5df
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 960c9b7b760e881766902591402f33a3385e489f836b182e393499df42ba8a74
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4292aed827180ebca4c7f9e7eb6147a0ca838dc7eadef073f5c85a5cba4ab5df
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F501B5A2645649FFD60995129D92FFB735DAB61398F014420FD089A242FB62EE6082E0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,009AF2DE,009B3863,00A51444,?,0099FDF5,?,?,0098A976,00000010,00A51440,009813FC,?,009813C6), ref: 009B2DFD
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009B2E32
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009B2E59
                                                                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,00981129), ref: 009B2E66
                                                                                                                                                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,00981129), ref: 009B2E6F
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ErrorLast$_free
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5d60204497cd13252f4f09bfc1d5816c538e167d303c8ae833998a6d14e52457
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 44fc0d45d83d9bc5758b41114710fa2cc0b56b1f7566e2383ef987bee4fddec0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d60204497cd13252f4f09bfc1d5816c538e167d303c8ae833998a6d14e52457
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F801283624561077C613A7BA6F45EEB266DEBC67B1B218928F839A31D3EF34CC024020
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?,?,009E035E), ref: 009E002B
                                                                                                                                                                                                                                                                                                                                                                              • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?), ref: 009E0046
                                                                                                                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?), ref: 009E0054
                                                                                                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?), ref: 009E0064
                                                                                                                                                                                                                                                                                                                                                                              • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?), ref: 009E0070
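The "APIs" entries above all share one layout: API name, exporting module, an optional argument list in which "?" marks a value the static analysis could not recover, and the call-site address, followed by a "Source File: ..., Offset: 00980000" line giving the image base the addresses are relative to. When triaging a report like this one it helps to pull those entries into structured data (group by module, convert call sites to RVAs that can be typed into IDA or Ghidra after rebasing). The parser below is an added example and is not part of the Joe Sandbox report or its tooling; the `ApiCall` class and function names are mine, and the sample text is constructed from a few entries on this page with the per-entry hash and Similarity lines omitted and the last function's "Source File" line deliberately left out to show how an entry without a base is handled.

```python
"""Parse the per-function "APIs" entries of a Joe Sandbox disassembly report.

Each entry has the shape
    • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00999693
    • _free.LIBCMT ref: 009B2E32
i.e. API name, exporting module, an optional argument list ("?" marks an
argument the static analysis could not recover) and the call-site address.
The module base comes from the "Source File: ..., Offset: 00980000" line
that follows each function's API list.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

API_LINE = re.compile(
    r"^\s*(?:•\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
BASE_LINE = re.compile(r"Offset:\s*(?P<base>[0-9A-Fa-f]{8})")


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Optional[int]]    # None where the report printed "?"
    ref: int                     # absolute call-site address in the dump
    base: Optional[int] = None   # image base from the Offset: line, if seen

    @property
    def rva(self) -> Optional[int]:
        """Call-site RVA, usable in a disassembler after rebasing the sample."""
        return None if self.base is None else self.ref - self.base


def parse_args(raw: Optional[str]) -> List[Optional[int]]:
    if not raw or not raw.strip():
        return []
    out: List[Optional[int]] = []
    for tok in raw.split(","):
        tok = tok.strip()
        # int() accepts a sign, so the report's "-C000001E" parses as well
        out.append(None if tok == "?" else int(tok, 16))
    return out


def parse_api_line(line: str) -> Optional[ApiCall]:
    m = API_LINE.match(line)
    if not m:
        return None
    return ApiCall(m["name"], m["module"], parse_args(m["args"]), int(m["ref"], 16))


def parse_report(text: str) -> List[ApiCall]:
    """Collect API lines; attach the base from the Offset: line that follows them."""
    calls: List[ApiCall] = []
    pending: List[ApiCall] = []
    for line in text.splitlines():
        call = parse_api_line(line)
        if call is not None:
            pending.append(call)
            continue
        b = BASE_LINE.search(line)
        if b is not None:
            base = int(b["base"], 16)
            for c in pending:
                c.base = base
            calls.extend(pending)
            pending = []
    calls.extend(pending)          # trailing entries with no Offset: line seen
    return calls


def modules_used(calls: List[ApiCall]) -> Counter:
    return Counter(c.module for c in calls)


def call_sequence(calls: List[ApiCall]) -> List[str]:
    """module!API pairs ordered by call-site address (static layout, not runtime order)."""
    return [f"{c.module}!{c.name}" for c in sorted(calls, key=lambda c: c.ref)]


# Constructed sample: entries copied from this report, hash/Similarity lines
# dropped, and the last function's "Source File" line left out on purpose.
SAMPLE = """\
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00999693
• SelectObject.GDI32(?,00000000), ref: 009996A2
• BeginPath.GDI32(?), ref: 009996B9
• SelectObject.GDI32(?,00000000), ref: 009996E2
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
APIs
• GetLastError.KERNEL32(?,?,?,009AF2DE,009B3863,00A51444,?,0099FDF5,?,?,0098A976,00000010,00A51440,009813FC,?,009813C6), ref: 009B2DFD
• _free.LIBCMT ref: 009B2E32
• _free.LIBCMT ref: 009B2E59
• SetLastError.KERNEL32(00000000,00981129), ref: 009B2E66
• SetLastError.KERNEL32(00000000,00981129), ref: 009B2E6F
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?,?,?,009E035E), ref: 009E002B
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,009DFF41,80070057,?), ref: 009E0064
"""

if __name__ == "__main__":
    calls = parse_report(SAMPLE)
    for c in calls:
        rva = "?" if c.rva is None else f"{c.rva:06X}"
        print(f"{c.ref:08X} rva={rva} {c.module}!{c.name} args={c.args}")
    print(dict(modules_used(calls)))
```

The argument values are taken at face value from the report: they are whatever the analysis could read from the stack at the call site, so a "?" or an odd value such as -C000001E is a hint that the argument was computed at runtime, not evidence of a particular call pattern. Address order from `call_sequence` is the static layout of the call sites, not the order the calls executed in; use the report's dynamic sections for that.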
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
• Opcode ID: 7b9130e45e97e5fa893c230d6184bc6a161983023509443264d8e6ea79906c20
• Instruction ID: a3fe718896204edad7339ad6e7920be0aadc8b4ab36613cabbca820ca0144a1b
• Opcode Fuzzy Hash: 7b9130e45e97e5fa893c230d6184bc6a161983023509443264d8e6ea79906c20
• Instruction Fuzzy Hash: 7701A272640204BFDB129FAADC44BEA7AEDEF84762F148124F905D6210E7B5DD81CBA0
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 009EE997
• QueryPerformanceFrequency.KERNEL32(?), ref: 009EE9A5
• Sleep.KERNEL32(00000000), ref: 009EE9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 009EE9B7
• Sleep.KERNEL32 ref: 009EE9F3
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
• Opcode ID: 01d812a32de7f61f79a3ed5d47116a7526f8c0b75486049c93d4ce4e8a5df8c1
• Instruction ID: 3b5a89c777ee7d6643093cdaf312ad96d6a29b9baae15993568e521abaca6820
• Opcode Fuzzy Hash: 01d812a32de7f61f79a3ed5d47116a7526f8c0b75486049c93d4ce4e8a5df8c1
• Instruction Fuzzy Hash: 88015731C41A2DEBCF00EBE6DD49AEDBBB8BB09310F004646E502B2242CB349951CBA1
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 009E1114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E1120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,009E0B9B,?,?,?), ref: 009E1136
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 009E114D
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: c8d36f3174ef87025c3fb3cc62d6c8730e7e6a29dd7f9ebb11ed360407dcc031
• Instruction ID: 0e60b4c22cc482286f04efb8929485fe74e0a5dc82a7288b6856063893b59d2c
• Opcode Fuzzy Hash: c8d36f3174ef87025c3fb3cc62d6c8730e7e6a29dd7f9ebb11ed360407dcc031
• Instruction Fuzzy Hash: 6A013179140315BFDB128FA5DC49EAA3F6EEF85370B104415FA45D7350DB71DC119A60
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 009E0FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 009E0FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 009E0FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 009E0FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 009E1002
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: 9ce05c95fbc6ff211437d106105ea4da739661f84af4ba035856bc36c4ab5e8f
• Instruction ID: 15276874f6f6bf46c4a997959934cf6ba1553868c15792de3e28c7cafe1c3520
• Opcode Fuzzy Hash: 9ce05c95fbc6ff211437d106105ea4da739661f84af4ba035856bc36c4ab5e8f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8FF06239180351FBD7218FE5DC4DF963B6EEF89762F118414F945C72A1CA70DC418A60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 009E102A
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 009E1036
                                                                                                                                                                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 009E1045
                                                                                                                                                                                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 009E104C
                                                                                                                                                                                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 009E1062
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3ed91daf360af567bbb4adcb909725aa20f4207833e0f7bf15c7ef9fd26a473f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 686bc66e76c70a22fc60c60fff614478a26bd75941b4f32c6490b216dd644280
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ed91daf360af567bbb4adcb909725aa20f4207833e0f7bf15c7ef9fd26a473f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99F06D39280351FBDB229FE5EC49F963BAEEF89762F114424FA45C7250CA70DC418A60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,009F017D,?,009F32FC,?,00000001,009C2592,?), ref: 009F0324
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,009F017D,?,009F32FC,?,00000001,009C2592,?), ref: 009F0331
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,009F017D,?,009F32FC,?,00000001,009C2592,?), ref: 009F033E
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,009F017D,?,009F32FC,?,00000001,009C2592,?), ref: 009F034B
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,009F017D,?,009F32FC,?,00000001,009C2592,?), ref: 009F0358
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,009F017D,?,009F32FC,?,00000001,009C2592,?), ref: 009F0365
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: c0ecae9755810f8691e6523db7e8f8bbccd24ab10d242b0c2edfe98e3fca2ac2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1403471d0aa1a7f51ba2514851dc518f684bbf2eea578c5903b548ceaae1ee71
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0ecae9755810f8691e6523db7e8f8bbccd24ab10d242b0c2edfe98e3fca2ac2
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A801A272800B199FCB309F66D880822F7F9BF903153158A3FD29652932C3B1A955CF80
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BD752
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000), ref: 009B29DE
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009B29C8: GetLastError.KERNEL32(00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000,00000000), ref: 009B29F0
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BD764
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BD776
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BD788
                                                                                                                                                                                                                                                                                                                                                                              • _free.LIBCMT ref: 009BD79A
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 776569668-0
APIs
• GetDlgItem.USER32(?,000003E9), ref: 009E5C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 009E5C6F
• MessageBeep.USER32(00000000), ref: 009E5C87
• KillTimer.USER32(?,0000040A), ref: 009E5CA3
• EndDialog.USER32(?,00000001), ref: 009E5CBD
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
APIs
• _free.LIBCMT ref: 009B22BE
  • Part of subcall function 009B29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000), ref: 009B29DE
  • Part of subcall function 009B29C8: GetLastError.KERNEL32(00000000,?,009BD7D1,00000000,00000000,00000000,00000000,?,009BD7F8,00000000,00000007,00000000,?,009BDBF5,00000000,00000000), ref: 009B29F0
• _free.LIBCMT ref: 009B22D0
• _free.LIBCMT ref: 009B22E3
• _free.LIBCMT ref: 009B22F4
• _free.LIBCMT ref: 009B2305
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• EndPath.GDI32(?), ref: 009995D4
• StrokeAndFillPath.GDI32(?,?,009D71F7,00000000,?,?,?), ref: 009995F0
• SelectObject.GDI32(?,00000000), ref: 00999603
• DeleteObject.GDI32 ref: 00999616
• StrokePath.GDI32(?), ref: 00999631
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                                                                                              • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 2065fff7083eb4130703fc692bb2d508176a5d9dcf4e59d919e70c8025315f53
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8ee1d93c4cec42699cd7ad7f74353e61503a8454899b1c595cd4e799fcd561ae
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2065fff7083eb4130703fc692bb2d508176a5d9dcf4e59d919e70c8025315f53
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0FD12831904206CBCB249F68CA69BFEB7F8FF46330FA84519E5119B650E3759D80CB91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A0242: EnterCriticalSection.KERNEL32(00A5070C,00A51884,?,?,0099198B,00A52518,?,?,?,009812F9,00000000), ref: 009A024D
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A0242: LeaveCriticalSection.KERNEL32(00A5070C,?,0099198B,00A52518,?,?,?,009812F9,00000000), ref: 009A028A
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A00A3: __onexit.LIBCMT ref: 009A00A9
                                                                                                                                                                                                                                                                                                                                                                              • __Init_thread_footer.LIBCMT ref: 00A07BFB
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A01F8: EnterCriticalSection.KERNEL32(00A5070C,?,?,00998747,00A52514), ref: 009A0202
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A01F8: LeaveCriticalSection.KERNEL32(00A5070C,?,00998747,00A52514), ref: 009A0235
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 535116098-3733170431
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: aecc8231cc9e70638be9518f12dc159f932359ec7c744a4627c1771daf146b21
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2c1d238e636b8c27b7ab14d3eb385c4a64d0c9a47d532d456886a39c421f5c3f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aecc8231cc9e70638be9518f12dc159f932359ec7c744a4627c1771daf146b21
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01917C74A04209AFCB14EF94E991ABEB7B1FF89300F148059F8069B291DB71AE45CB51
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009EB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,009E21D0,?,?,00000034,00000800,?,00000034), ref: 009EB42D
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 009E2760
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009EB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,009E21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 009EB3F8
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009EB32A: GetWindowThreadProcessId.USER32(?,?), ref: 009EB355
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009EB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,009E2194,00000034,?,?,00001004,00000000,00000000), ref: 009EB365
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009EB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,009E2194,00000034,?,?,00001004,00000000,00000000), ref: 009EB37B
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 009E27CD
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 009E281A
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7a5843552f07ecd143978eccf2f16a7f95499c8de98ed5b3298788436dd965a8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 621050fc487ffc1219fbdc048f268d4a9701c49ce83952002dda882d1960c25f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7a5843552f07ecd143978eccf2f16a7f95499c8de98ed5b3298788436dd965a8
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E415C72900218AFDB11DFA4CD42BEEBBB8EF49300F009095FA55B7181DB716E45CBA1
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Pl8Tb06C8A.exe,00000104), ref: 009B1769
• _free.LIBCMT ref: 009B1834
• _free.LIBCMT ref: 009B183E
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\Pl8Tb06C8A.exe
• API String ID: 2506810119-1456655098
• Opcode ID: 5c159161fc71f2c78cbe4fba81e134ad78b39c49f59e5ab509776909f66772f1
• Instruction ID: c98975794f892a5b6802da17fff34e1c57c9f34e353bff8ffd61ff3e7bf375e0
• Opcode Fuzzy Hash: 5c159161fc71f2c78cbe4fba81e134ad78b39c49f59e5ab509776909f66772f1
• Instruction Fuzzy Hash: E2316E71A40218ABDB21DF999A95EEEBBFCFB85320F54416AF804D7211DA708E41CB90
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 009EC306
• DeleteMenu.USER32(?,00000007,00000000), ref: 009EC34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00A51990,018B48F0), ref: 009EC395
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: 6c3d91b634f0a351a00f953daa17a741c7554c7d83432b17b14fff5243e33c45
• Instruction ID: 6c91825b7aa7f27b8fc4d35962188b349899f541c4af2a6006b3ce917dbc763b
• Opcode Fuzzy Hash: 6c3d91b634f0a351a00f953daa17a741c7554c7d83432b17b14fff5243e33c45
• Instruction Fuzzy Hash: 7E41B2B12043819FD721DF26D844F5ABBE8AF85321F048A1DF9A5972D1D730ED06CB62
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00A1CC08,00000000,?,?,?,?), ref: 00A144AA
• GetWindowLongW.USER32 ref: 00A144C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A144D7
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: e9c9e12a6fb5a0e8555ac02fd345a613e21cd3e2f8a25d34618acb978dcc1abc
• Instruction ID: 156ac405e5d1b2d24b4dae4118be53eec8ea3b0b0da3f9e04b3b2fcf41ccb9ff
• Opcode Fuzzy Hash: e9c9e12a6fb5a0e8555ac02fd345a613e21cd3e2f8a25d34618acb978dcc1abc
• Instruction Fuzzy Hash: 5331AB32200205AFEF209F78DC45BEA7BAAEB48334F208725F975921E0D770EC919B50
APIs
• Part of subcall function 00A0335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00A03077,?,?), ref: 00A03378
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00A0307A
• _wcslen.LIBCMT ref: 00A0309B
• htons.WSOCK32(00000000,?,?,00000000), ref: 00A03106
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 6f2befddb1463483c5e4277b047c849d7dbbf49b15885c5a14a7bb372b04176d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 4bb475fb338b6f4267e414292a96bcc4a2fe9a75258f1b88cc2cd4034aa50604
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f2befddb1463483c5e4277b047c849d7dbbf49b15885c5a14a7bb372b04176d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B31D33A6002099FCF10CF68E585EAA77F8EF54318F248159E9158B3D2DB72EE45C761
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00A13F40
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00A13F54
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 00A13F78
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                                                                                                                              • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 5260ff640d653aa8523228537818f5e6a0d1f440f96e5823d5a8cfb732a45d1e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 8e2879063012f9595f3a25ba92ff17e83c27385c4ed1815f935561bde6bf3dd9
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5260ff640d653aa8523228537818f5e6a0d1f440f96e5823d5a8cfb732a45d1e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07218B33600219BBDF259F90DC46FEA3B7AEB88724F110214FA15AB1D0D6B5A9958B90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00A14705
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00A14713
                                                                                                                                                                                                                                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00A1471A
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: msctls_updown32
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4014797782-2298589950
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4c0f78bdb3309cd5fcff72934f109aba49dfa32b16535d8a05ae47266e540bed
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c2bd2f74e5f24a735454fcdb17a6ed0e395db56061406bb69cda0b7fc0307cf2
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4c0f78bdb3309cd5fcff72934f109aba49dfa32b16535d8a05ae47266e540bed
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D52160B5600208AFEB10DF68DCC1DB737ADEB8A7A4B040059FA109B391DB70EC52CB60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
• Opcode ID: c7b0f481db5ed8d404858ab6e8491b31a07a058a763f8c3bd9545baeb9f5c8ae
• Instruction ID: 956497cf0d27fe1cd8626d45533d45077b7935f21e2437accee61d41f0f84280
• Opcode Fuzzy Hash: c7b0f481db5ed8d404858ab6e8491b31a07a058a763f8c3bd9545baeb9f5c8ae
• Instruction Fuzzy Hash: E9215E722046906AC732BB269C06FBBB3DCAFD1700F604826F9499B141EF55DD81C3D5
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00A13840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00A13850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00A13876
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: a3fb18e06e8b2f95a3a62ac3cf33da4d38a917e3d5299fa7595f659eeaa951c5
• Instruction ID: 5cfe5605ab8f6661e5b617e43b2472b96ee2b481e061aaf76e7080834996bff5
• Opcode Fuzzy Hash: a3fb18e06e8b2f95a3a62ac3cf33da4d38a917e3d5299fa7595f659eeaa951c5
• Instruction Fuzzy Hash: 5A217C72610218BBEF21DF95DC85FFB376EEF89760F108124F9149B190CA759C9287A0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 009F4A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 009F4A5C
• SetErrorMode.KERNEL32(00000000,?,?,00A1CC08), ref: 009F4AD0
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: 0c96f39c77774036a7716a7bec0546536907d3ee8cd632b8fccfa0ca1fcff42f
• Instruction ID: 0fa2738ee66bff6b9aad57af393c174662b09afa1e14dc21bac144490ee1b73f
• Opcode Fuzzy Hash: 0c96f39c77774036a7716a7bec0546536907d3ee8cd632b8fccfa0ca1fcff42f
• Instruction Fuzzy Hash: F5319174A40108AFDB10DF54C881EAABBF8EF48318F1480A8F909DB352D771ED46CB61
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00A1424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00A14264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00A14271
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: dba42f6e797ab44ccd07c8f6667f1e2994c11765382ab9a07296481e7c537da9
• Instruction ID: 0dc21b92f7a2f889ac08aaaf966469aefd1fa3cdc11bf160a86da93a47c442eb
• Opcode Fuzzy Hash: dba42f6e797ab44ccd07c8f6667f1e2994c11765382ab9a07296481e7c537da9
• Instruction Fuzzy Hash: E311C671240248BEEF209F69CC46FEB3BADEF99B64F110614FA55E6090D671DC919B10
APIs
  • Part of subcall function 00986B57: _wcslen.LIBCMT ref: 00986B6A
  • Part of subcall function 009E2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 009E2DC5
  • Part of subcall function 009E2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 009E2DD6
  • Part of subcall function 009E2DA7: GetCurrentThreadId.KERNEL32 ref: 009E2DDD
  • Part of subcall function 009E2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 009E2DE4
• GetFocus.USER32 ref: 009E2F78
  • Part of subcall function 009E2DEE: GetParent.USER32(00000000), ref: 009E2DF9
• GetClassNameW.USER32(?,?,00000100), ref: 009E2FC3
• EnumChildWindows.USER32(?,009E303B), ref: 009E2FEB
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: %s%d
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1272988791-1110647743
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00A158C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00A158EE
• DrawMenuBar.USER32(?), ref: 00A158FD
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e248748538cebb7931629ca3b73a7081fcae61f609b08af9f11bc8e88ac28dca
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52A15971D043869FEB11DF18CA917FEBBE9EF62360F14816DE5859B282C2388D41D751
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1998397398-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 043ac8d4ad970cf1d1414e701ff6c26adcb330097a624307390f6f6dc9276dae
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a9bed9e432dcf7d10fea4e081677c9748d6e40e9db41a091b2efaaa1d7bf5c1b
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 043ac8d4ad970cf1d1414e701ff6c26adcb330097a624307390f6f6dc9276dae
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D5A14D766043049FCB00EF68D585A2AB7E9FF88714F14885DF99A9B3A2DB31ED01CB51
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00A1FC08,?), ref: 009E05F0
                                                                                                                                                                                                                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00A1FC08,?), ref: 009E0608
                                                                                                                                                                                                                                                                                                                                                                              • CLSIDFromProgID.OLE32(?,?,00000000,00A1CC40,000000FF,?,00000000,00000800,00000000,?,00A1FC08,?), ref: 009E062D
                                                                                                                                                                                                                                                                                                                                                                              • _memcmp.LIBVCRUNTIME ref: 009E064E
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 9a083f149c432dc86124c6d39bd9cffa8957e776ee35f36999018b7428b834ff
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 212c721a9a93d77edfcfd1f700471f8a677176b9707b80f7071bcb32659975a6
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a083f149c432dc86124c6d39bd9cffa8957e776ee35f36999018b7428b834ff
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F811771A00209EFCB05DF95C984EEEB7B9FF89315F204598F506AB250DB71AE46CB60
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32 ref: 00A0A6AC
                                                                                                                                                                                                                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 00A0A6BA
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                                                                                                                                                                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,?), ref: 00A0A79C
                                                                                                                                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00A0A7AB
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 0099CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,009C3303,?), ref: 0099CE8A
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: e420c164e58d7c52b23a3dd30ec8b09b340e12e63bf5aff403f1d8306edab01a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 105ae1c124fc02bee40b24b0f5f8bf66a4e22f425ccb2a0813d55f251f2ebc78
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e420c164e58d7c52b23a3dd30ec8b09b340e12e63bf5aff403f1d8306edab01a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF515BB1508301AFD710EF64D886A6BBBE8FFC9754F00892DF595972A1EB31D904CB92
APIs
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• GetWindowRect.USER32(?,?), ref: 00A162E2
• ScreenToClient.USER32(?,?), ref: 00A16315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00A16382
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00A01AFD
• WSAGetLastError.WSOCK32 ref: 00A01B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00A01B8A
• WSAGetLastError.WSOCK32 ref: 00A01B94
Similarity
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 009F5783
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000), ref: 009F57A9
                                                                                                                                                                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 009F57CE
                                                                                                                                                                                                                                                                                                                                                                              • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 009F57FA
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a480ebee3385cb797b14305e0219bfdf15b86cf6525247f4cae2963772254e29
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 1c9eca90d37a10d8b8e4b940e8f1e6b0e3f3ce3e355a34e5b81ff419d13eacbd
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a480ebee3385cb797b14305e0219bfdf15b86cf6525247f4cae2963772254e29
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D412939600610DFCB11EF55C444A5EBBE6AF89720B19C488F95AAB362CB34FD41CB91
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,009A6D71,00000000,00000000,009A82D9,?,009A82D9,?,00000001,009A6D71,8BE85006,00000001,009A82D9,009A82D9), ref: 009BD910
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 009BD999
                                                                                                                                                                                                                                                                                                                                                                              • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 009BD9AB
                                                                                                                                                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 009BD9B4
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009B3820: RtlAllocateHeap.NTDLL(00000000,?,00A51444,?,0099FDF5,?,?,0098A976,00000010,00A51440,009813FC,?,009813C6,?,00981129), ref: 009B3852
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2652629310-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 01adaee579ebebe6b8bf4dd47e4dad97404d95bb489d3452837c7b80edf0a83a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: baff225efbda4ad63ec59b34815cff5a7d3f3f7419d928086635660e4acb2e82
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 01adaee579ebebe6b8bf4dd47e4dad97404d95bb489d3452837c7b80edf0a83a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0631C172A0221AABDF24DFA5DD45EEE7BA9EB81720F054168FC04D7150EB35CD51CB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 00A15352
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00A15375
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00A15382
                                                                                                                                                                                                                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00A153A8
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3bdedbc40e38eed23abe4e75f26fe4f6e1a90b07e3bf3eafecd9bcd8e7df57bb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a5b239070de5e836280c2e06e9b002664120c52c7e9c3c938c742bc1cf364214
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3bdedbc40e38eed23abe4e75f26fe4f6e1a90b07e3bf3eafecd9bcd8e7df57bb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B31C434E55A08EFEB349F74CC25BE83766AB85390F584102FA309B1E1C7B49DC0AB41
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 009EABF1
                                                                                                                                                                                                                                                                                                                                                                              • SetKeyboardState.USER32(00000080,?,00008000), ref: 009EAC0D
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000000,00000101,00000000), ref: 009EAC74
                                                                                                                                                                                                                                                                                                                                                                              • SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 009EACC6
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
APIs
• ClientToScreen.USER32(?,?), ref: 00A1769A
• GetWindowRect.USER32(?,?), ref: 00A17710
• PtInRect.USER32(?,?,00A18B89), ref: 00A17720
• MessageBeep.USER32(00000000), ref: 00A1778C
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
APIs
• GetForegroundWindow.USER32 ref: 00A116EB
  • Part of subcall function 009E3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 009E3A57
  • Part of subcall function 009E3A3D: GetCurrentThreadId.KERNEL32 ref: 009E3A5E
  • Part of subcall function 009E3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,009E25B3), ref: 009E3A65
• GetCaretPos.USER32(?), ref: 00A116FF
• ClientToScreen.USER32(00000000,?), ref: 00A1174C
• GetForegroundWindow.USER32 ref: 00A11752
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
APIs
  • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
• GetCursorPos.USER32(?), ref: 00A19001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,009D7711,?,?,?,?,?), ref: 00A19016
• GetCursorPos.USER32(?), ref: 00A1905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,009D7711,?,?,?), ref: 00A19094
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 8cd5f7ea6bd16e263b7901033580346604bf38e4e7cb96c35120ca931b29ee98
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 47df6954838f89f23c6b295b717f04fc7a202d7093df092a66edbcb27518be9e
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8cd5f7ea6bd16e263b7901033580346604bf38e4e7cb96c35120ca931b29ee98
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 67217C35600128EFCB25CF98C868FFB7BBAEB89361F044069F90547261C3359D91DB61
APIs
• GetFileAttributesW.KERNEL32(?,00A1CB68), ref: 009ED2FB
• GetLastError.KERNEL32 ref: 009ED30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 009ED319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00A1CB68), ref: 009ED376
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: 450494d2772b84023eaf6d98c6027f042b35508169304e0725d94acef41cf869
• Instruction ID: 5ff8bcc32dc4bf1c10b3387dcf50f28f7558307db83f4c1ab751133e1946e322
• Opcode Fuzzy Hash: 450494d2772b84023eaf6d98c6027f042b35508169304e0725d94acef41cf869
• Instruction Fuzzy Hash: 8D21B17450A2019FC300EF25C8818AEB7E8AF9A368F105A1DF499C72E1E730DD46CB93
APIs
  • Part of subcall function 009E1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 009E102A
  • Part of subcall function 009E1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 009E1036
  • Part of subcall function 009E1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 009E1045
  • Part of subcall function 009E1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 009E104C
  • Part of subcall function 009E1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 009E1062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 009E15BE
• _memcmp.LIBVCRUNTIME ref: 009E15E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 009E1617
• HeapFree.KERNEL32(00000000), ref: 009E161E
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
• Opcode ID: 849e8511ea97bf1fa43b9259eed6bb064c82e2f9f17adc2464a949754ff63c75
• Instruction ID: e37cacba53d03b9c2bac789893ef5ec1365bfd653d11994383d91cd3b203f485
• Opcode Fuzzy Hash: 849e8511ea97bf1fa43b9259eed6bb064c82e2f9f17adc2464a949754ff63c75
• Instruction Fuzzy Hash: 9E21AC31E40209EFDF05DFA6C945BEEB7B8EF84354F088459E445AB241EB30AE05CBA0
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 00A1280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00A12824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00A12832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00A12840
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: c7454f0debf4cee27250b7bee041b70bdaf4f0626d8c4b30c770587b2469d504
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: a9a56803b3d78c4a33d9a96f3a1725dfbaed56a6d211085a67a556483035e3b9
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c7454f0debf4cee27250b7bee041b70bdaf4f0626d8c4b30c770587b2469d504
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F21B035244511AFE714DB24C845FEA7BAAAF85324F148158F4268B6E2CB71FC92CBD0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,009E790A,?,000000FF,?,009E8754,00000000,?,0000001C,?,?), ref: 009E8D8C
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E8D7D: lstrcpyW.KERNEL32(00000000,?,?,009E790A,?,000000FF,?,009E8754,00000000,?,0000001C,?,?,00000000), ref: 009E8DB2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E8D7D: lstrcmpiW.KERNEL32(00000000,?,009E790A,?,000000FF,?,009E8754,00000000,?,0000001C,?,?), ref: 009E8DE3
                                                                                                                                                                                                                                                                                                                                                                              • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,009E8754,00000000,?,0000001C,?,?,00000000), ref: 009E7923
                                                                                                                                                                                                                                                                                                                                                                              • lstrcpyW.KERNEL32(00000000,?,?,009E8754,00000000,?,0000001C,?,?,00000000), ref: 009E7949
                                                                                                                                                                                                                                                                                                                                                                              • lstrcmpiW.KERNEL32(00000002,cdecl,?,009E8754,00000000,?,0000001C,?,?,00000000), ref: 009E7984
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: cdecl
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: d5a5125d2f10ed8aceb5f8415d0fe58a21f06cd0497d66ae8acc5dca9bf26b98
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: cfd39c45fe6bdc7000232f299f2376ad23ff27c306c7aa5095dac41c0207cf56
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d5a5125d2f10ed8aceb5f8415d0fe58a21f06cd0497d66ae8acc5dca9bf26b98
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2011E93A200381ABCB169FB9DC45E7BB7A9FF85350B50802AF946C72A5EB319C11C752
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00A17D0B
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00A17D2A
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00A17D42
                                                                                                                                                                                                                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,009FB7AD,00000000), ref: 00A17D6B
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Window$Long
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 847901565-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a265ecbf19d75d170229ce29caa016894ae49910957629b86edfa28a65b73aee
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 9806152d2e6c5495448c874b449d512e3679152ce8171c90d0a3183b966752a1
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a265ecbf19d75d170229ce29caa016894ae49910957629b86edfa28a65b73aee
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 18118C31645619AFCB109F68DC04ABA3BB5BF45375B159724F839C72E0D7309991CB90
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001060,?,00000004), ref: 00A156BB
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00A156CD
                                                                                                                                                                                                                                                                                                                                                                              • _wcslen.LIBCMT ref: 00A156D8
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 00A15816
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
• Opcode ID: 5ecaaf5ee138d23bcaaef3967b3d2861a7a00e7d6c9e8f37944fee612e49ffbd
• Instruction ID: 5f8ca1f545829b3da26dd4dbcafe609526cbe4beb5fa2f933199f1d35aa057ac
• Opcode Fuzzy Hash: 5ecaaf5ee138d23bcaaef3967b3d2861a7a00e7d6c9e8f37944fee612e49ffbd
• Instruction Fuzzy Hash: CF11B471E00604DADF20DFB5CC85AEE777CAF95764B108026F915D6081E77489C4CBA0
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 775968df65c5cc5b038ec408aac648ddf38c2188eda5e7f41a6c5f1c98520a1e
• Instruction ID: 3838314a6ae8aadb1db9e5d47f2256a6db90615c5fcb3b80f445f6e5106e9778
• Opcode Fuzzy Hash: 775968df65c5cc5b038ec408aac648ddf38c2188eda5e7f41a6c5f1c98520a1e
• Instruction Fuzzy Hash: B801ADB220A61A7FF6212AB86DD0FE7671CEFC17B8F740725F521A11D2DB608C005160
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 009E1A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 009E1A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 009E1A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 009E1A8A
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 4aa99e840b01aaf418895167989a434da2328ffe94b3baeb72c5619a38587d5e
• Instruction ID: e82ecf9922219db65762784fcee6ebd7ff602adee1aab3dc3212097b915b1ac4
• Opcode Fuzzy Hash: 4aa99e840b01aaf418895167989a434da2328ffe94b3baeb72c5619a38587d5e
• Instruction Fuzzy Hash: 0D11393AD01219FFEF11DBA5CD85FADBB78EB08750F2000A1EA00B7290D6716E50DB94
APIs
• GetCurrentThreadId.KERNEL32 ref: 009EE1FD
• MessageBoxW.USER32(?,?,?,?), ref: 009EE230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 009EE246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 009EE24D
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
• Opcode ID: 75961d5441b2b0721e190de313784a8e18bbaa75e9ee4a3367dfc4ab741e80cc
• Instruction ID: 772f70c51c918d8591f6f8c7366fc7fc4240ae5f78ed25b4be88e948d1d26551
• Opcode Fuzzy Hash: 75961d5441b2b0721e190de313784a8e18bbaa75e9ee4a3367dfc4ab741e80cc
• Instruction Fuzzy Hash: 3B1104B6904254BBC702DFE89C09BEE7FACAB85331F008215F924E7390D2B0CE0587A0
APIs
• CreateThread.KERNEL32(00000000,?,009ACFF9,00000000,00000004,00000000), ref: 009AD218
• GetLastError.KERNEL32 ref: 009AD224
• __dosmaperr.LIBCMT ref: 009AD22B
• ResumeThread.KERNEL32(00000000), ref: 009AD249
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 173952441-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a0e19dd01cd094da5b5815d18560a2a4c5a98fa0326efc3a4a272e4f35353d0c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3dc192258b9da97fcf42498adef3a6c843b4fd56d38215207e64bd98d85ddcef
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0e19dd01cd094da5b5815d18560a2a4c5a98fa0326efc3a4a272e4f35353d0c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6801C076846214BBCB216BA5DC09BAA7A6DDFC3730F104229FD36965D0DB708901C6E0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00999BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00999BB2
                                                                                                                                                                                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 00A19F31
                                                                                                                                                                                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 00A19F3B
                                                                                                                                                                                                                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00A19F46
                                                                                                                                                                                                                                                                                                                                                                              • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00A19F7A
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4127811313-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 0d193c89ee80233fb1a713a01c086cffa1fd1aa5f41937df63f11e4f13abd87d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 3d730f0df30949f546e41db330bdea4bf452312f4e803206cb8dbb0ced9d29df
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d193c89ee80233fb1a713a01c086cffa1fd1aa5f41937df63f11e4f13abd87d
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F11153290021ABBDB10DFA8D9999FE77B9FB45321F504455F912E3150D730BAC6CBA1
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0098604C
                                                                                                                                                                                                                                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 00986060
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 0098606A
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3970641297-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 445a86cec29187f79223c6c8af230cf554884e7560c71b496289fca1cdbcdfd0
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: d9565c9f7d8c06521cae3fffbba5f655c727fc8605a096836f330a70943a401a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 445a86cec29187f79223c6c8af230cf554884e7560c71b496289fca1cdbcdfd0
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A011AD72501508BFEF129FA58C44FEABB6DFF083A4F004205FA1556210D7369C60DBA5
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • ___BuildCatchObject.LIBVCRUNTIME ref: 009A3B56
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 009A3AD2
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009A3AA3: ___AdjustPointer.LIBCMT ref: 009A3AED
                                                                                                                                                                                                                                                                                                                                                                              • _UnwindNestedFrames.LIBCMT ref: 009A3B6B
                                                                                                                                                                                                                                                                                                                                                                              • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 009A3B7C
                                                                                                                                                                                                                                                                                                                                                                              • CallCatchBlock.LIBVCRUNTIME ref: 009A3BA4
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 737400349-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 83401c591d6cd1615c461c3ea846b7023fd8ed85def1b664522ca59c3b3639a8
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52014C32100148BBDF125E95DC46EEB7F6EEF8A754F058014FE5866121C772E961DBE0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,009813C6,00000000,00000000,?,009B301A,009813C6,00000000,00000000,00000000,?,009B328B,00000006,FlsSetValue), ref: 009B30A5
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,009B301A,009813C6,00000000,00000000,00000000,?,009B328B,00000006,FlsSetValue,00A22290,FlsSetValue,00000000,00000364,?,009B2E46), ref: 009B30B1
                                                                                                                                                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,009B301A,009813C6,00000000,00000000,00000000,?,009B328B,00000006,FlsSetValue,00A22290,FlsSetValue,00000000), ref: 009B30BF
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 7f68eb71cd43faea8e465bb00caec2c5efcbb30feb340f7d82249e9840001269
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: f2bd7504a90a18e6baa275261f1e205ce5fb4be3b19825c8ccb179ea3f92818b
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f68eb71cd43faea8e465bb00caec2c5efcbb30feb340f7d82249e9840001269
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1001D436745232ABCB31EBB8AD449E77B9CAF05B71B208620F906E7140CB25D902C6E0
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 009E747F
                                                                                                                                                                                                                                                                                                                                                                              • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 009E7497
                                                                                                                                                                                                                                                                                                                                                                              • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 009E74AC
                                                                                                                                                                                                                                                                                                                                                                              • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 009E74CA
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1352324309-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: f0dbd0bd58102a959c37ceb0bdcb0a1c3eb09913ae12f5719ee0fb6424a779cb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e6c587123b29ebf0dece707a50046b34f721da004d5857b775ad93cfbcf09a48
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f0dbd0bd58102a959c37ceb0bdcb0a1c3eb09913ae12f5719ee0fb6424a779cb
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5411E1B5249354ABE321CF95DC08F92BBFDEB00B10F108969A616D60A1E770ED04CB52
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,009EACD3,?,00008000), ref: 009EB0C4
                                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,009EACD3,?,00008000), ref: 009EB0E9
                                                                                                                                                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,009EACD3,?,00008000), ref: 009EB0F3
                                                                                                                                                                                                                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,009EACD3,?,00008000), ref: 009EB126
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 4069c744f4b7ea9d6db827852e4809ff181ea37914924f2bf7363d2ee017eb29
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 2ab6c3a2af349ef04ae78fa24844665ff2b241cbe536016fcb3e434a0b33d5ea
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4069c744f4b7ea9d6db827852e4809ff181ea37914924f2bf7363d2ee017eb29
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 47115730C4466CE7CF01EFE6E9A87EEBB78BB49321F008186D941B2185CB345A519B51
APIs
• GetWindowRect.USER32(?,?), ref: 00A17E33
• ScreenToClient.USER32(?,?), ref: 00A17E4B
• ScreenToClient.USER32(?,?), ref: 00A17E6F
• InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A17E8A
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 009E2DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 009E2DD6
• GetCurrentThreadId.KERNEL32 ref: 009E2DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 009E2DE4
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
APIs
  • Part of subcall function 00999639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00999693
  • Part of subcall function 00999639: SelectObject.GDI32(?,00000000), ref: 009996A2
  • Part of subcall function 00999639: BeginPath.GDI32(?), ref: 009996B9
  • Part of subcall function 00999639: SelectObject.GDI32(?,00000000), ref: 009996E2
• MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00A18887
• LineTo.GDI32(?,?,?), ref: 00A18894
• EndPath.GDI32(?), ref: 00A188A4
• StrokePath.GDI32(?), ref: 00A188B2
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
• String ID:
• API String ID: 1539411459-0
APIs
• GetSysColor.USER32(00000008), ref: 009998CC
• SetTextColor.GDI32(?,?), ref: 009998D6
• SetBkMode.GDI32(?,00000001), ref: 009998E9
• GetStockObject.GDI32(00000005), ref: 009998F1
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 89a860aef4d5f1f7cf2be3d1c6a996146cf8b5e027442b2c26fd9cf215e0ef37
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 070b52337383435bbe4da791ec9fecbe24974681176c3bf2fad8e94e7517e296
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 89a860aef4d5f1f7cf2be3d1c6a996146cf8b5e027442b2c26fd9cf215e0ef37
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8E06D312C4280BADB219BB8BC09BE87F25AB12336F14C31AF6FA580E1C37146419B11
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 009E1634
                                                                                                                                                                                                                                                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,009E11D9), ref: 009E163B
                                                                                                                                                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,009E11D9), ref: 009E1648
                                                                                                                                                                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,009E11D9), ref: 009E164F
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 3974789173-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 3933404fa8f91ea20e862ae5653378ee7e27f3b911db4b21f9eb1bb0be7ca1b3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 082628541e0723183560936857929a56d71556176caa5b132fa6a76f9082c1f0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3933404fa8f91ea20e862ae5653378ee7e27f3b911db4b21f9eb1bb0be7ca1b3
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A9E08631641211DBD7205FE19D0DBC67B7CBF44BA1F14C808F245C9080D7348542C754
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 009DD858
                                                                                                                                                                                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 009DD862
                                                                                                                                                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 009DD882
                                                                                                                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(?), ref: 009DD8A3
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: ad12cdf9b4b680580f7027e22ce1dfb78ced26e2471791510006b199a63d0f92
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 0d5fc620ee6435c35926b95f4f21ff62fecc13b1e99d66b714ad6fdf09dc78a0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad12cdf9b4b680580f7027e22ce1dfb78ced26e2471791510006b199a63d0f92
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BEE01AB4840204EFCF41EFE0D808AADBBB1FB08320F10E409E81AE7350C7384942AF50
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 009DD86C
                                                                                                                                                                                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 009DD876
                                                                                                                                                                                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000000C), ref: 009DD882
                                                                                                                                                                                                                                                                                                                                                                              • ReleaseDC.USER32(?), ref: 009DD8A3
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: b33c3f10b15d541a4b5dfd371a1cf1c0afa221e61384364998960e3f2809ee20
• Instruction ID: 8153c61995d979f19ff3f8f798cb50c1ac2fda86cb94dd29fd55b4cd57a4a7a4
• Opcode Fuzzy Hash: b33c3f10b15d541a4b5dfd371a1cf1c0afa221e61384364998960e3f2809ee20
• Instruction Fuzzy Hash: 38E092B5C40204EFCF51EFE4D848AADBBB5BB48321B14A449E95AE7250CB385A42AF54
APIs
• Part of subcall function 00987620: _wcslen.LIBCMT ref: 00987625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 009F4ED4
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
• Opcode ID: a199f716d8dc0f63f4d696a669ac2c0834a7c07828b3ee59964519125f50e591
• Instruction ID: f267be5593a9a6c2f48aba80da57fe4908af97222d61508fb9f7c96d7fce3b46
• Opcode Fuzzy Hash: a199f716d8dc0f63f4d696a669ac2c0834a7c07828b3ee59964519125f50e591
• Instruction Fuzzy Hash: F3918075A002089FCB14DF58C484EBABBF5BF49314F198099E90A9F3A2D735ED85CB91
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
• Opcode ID: 528704b1125b494e1fe547ec7ac3a9eed0fe3968a65e204bbb683d1b5ee92380
• Instruction ID: e31717b9267ecf4e4ab73110a5794e72d839c1abfbc1587cfdd846132a646993
• Opcode Fuzzy Hash: 528704b1125b494e1fe547ec7ac3a9eed0fe3968a65e204bbb683d1b5ee92380
• Instruction Fuzzy Hash: 3C510275944246DFDF15EF68C481AFE7BA8EF65310F24805AE8A19F3D0D6349D42CBA0
APIs
• Sleep.KERNEL32(00000000), ref: 0099F2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 0099F2BB
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: ce42e705e01dbf48a89a18c51042b866c78afb771cfb0ae07eaf1f616424170a
• Instruction ID: 854c7a7a6e503ade888036f241e6d409946d5fd47a6adf92bd8f6dba2f41dd8d
• Opcode Fuzzy Hash: ce42e705e01dbf48a89a18c51042b866c78afb771cfb0ae07eaf1f616424170a
• Instruction Fuzzy Hash: 755135714087449BE320EF50EC86BABBBF8FFC5304F91885DF29951295EB3085298B66
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00A057E0
• _wcslen.LIBCMT ref: 00A057EC
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 84d9d2eaee32e31e748e133063be29ce5138cf332363f0abbe16bf8b2e3a4ccc
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 34f4c9b2e2bd63e2ca29f47bec80877b191187afe47e8c271094cb495f37b877
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 84d9d2eaee32e31e748e133063be29ce5138cf332363f0abbe16bf8b2e3a4ccc
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B419F31E002099FCB04DFB9D8819BEBBB5EF99320F148069E905A7291E7309D85DF90
APIs
• _wcslen.LIBCMT ref: 009FD130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 009FD13A
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
• Opcode ID: d144ad7c2e4a7e7571c1a20436125a829738618730a733bc9de992ce9d916c87
• Instruction ID: dca30546a671dffd4f758a1836ea74c7d21eb217e167a63187984ec19363ff21
• Opcode Fuzzy Hash: d144ad7c2e4a7e7571c1a20436125a829738618730a733bc9de992ce9d916c87
• Instruction Fuzzy Hash: 30313E71D01209ABCF15EFA4CC85BEEBFBAFF45300F100019F915AA262D735AA16DB60
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00A13621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00A1365C
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
• Opcode ID: 60bc229df4b0885cf03d2edb98095b35cd4c0928d69346a0658e2b77d97afe43
• Instruction ID: 5c3dc9922f4cf7069d0f3f2a7f6be7e410f67e4e94f26c442fa293d8665f18f9
• Opcode Fuzzy Hash: 60bc229df4b0885cf03d2edb98095b35cd4c0928d69346a0658e2b77d97afe43
• Instruction Fuzzy Hash: CF318B72100204AEEB20DF68DC80FFB73A9FF88764F109619F9A5D7280DA34AD91C760
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00A1461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00A14634
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: 676c4212778e91a7b50c0cd6d434253573234cf6c95506a8c9e75ce641c39979
• Instruction ID: 713e75bd741dcaa68077471e73d1ad026711bd51f5a46315b95aec533a769edb
• Opcode Fuzzy Hash: 676c4212778e91a7b50c0cd6d434253573234cf6c95506a8c9e75ce641c39979
• Instruction Fuzzy Hash: 5D313974A0030A9FDF14CFA9C980BEA7BB6FF49314F14406AE914AB341E770A981CF90
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00A1327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00A13287
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
• Opcode ID: 9f6ddc93ce1095729bfe6abe9496092d36deafa73576195e26b7ea893d19180a
• Instruction ID: 12a7bf44476d6009eea08d5cf31a3ea9026c1eb687e8d9f789410b8a65f5450b
• Opcode Fuzzy Hash: 9f6ddc93ce1095729bfe6abe9496092d36deafa73576195e26b7ea893d19180a
• Instruction Fuzzy Hash: B311B2723002087FEF21AF94DC81EFB376BEBA8364F104224F91897290D6759D918760
APIs
  • Part of subcall function 0098600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0098604C
  • Part of subcall function 0098600E: GetStockObject.GDI32(00000011), ref: 00986060
  • Part of subcall function 0098600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0098606A
• GetWindowRect.USER32(00000000,?), ref: 00A1377A
• GetSysColor.USER32(00000012), ref: 00A13794
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
• Opcode ID: 7d539e73a6af233f88a44c9167b75b427ae77fcc131588b27203ecc729b85ba0
• Instruction ID: 497055a0972846b0a0ab5dbf46a0984ce57e5f1efed9d4b417fefc03616da5d1
• Opcode Fuzzy Hash: 7d539e73a6af233f88a44c9167b75b427ae77fcc131588b27203ecc729b85ba0
• Instruction Fuzzy Hash: 561137B2650209AFDF01DFA8CC46EFA7BB9FB08314F004914F956E3250E735E8519B60
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 009FCD7D
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 009FCDA6
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: 057ec3b8073849f731d6b4b0a208deb20beadf58560fde38f88286f6ee313746
• Instruction ID: 9d54fcc444e37f216cab22bd51c3fc00645af49f46961c06e89a7bc60d46388d
• Opcode Fuzzy Hash: 057ec3b8073849f731d6b4b0a208deb20beadf58560fde38f88286f6ee313746
• Instruction Fuzzy Hash: 7A11A3B524563DBAD7244A668C45EFBBEADEF127B4F008626B219920C0D6749841D7F0
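The "APIs" lines in these function records print every argument as a raw hex value, so an analyst reading them has to resolve the constants by hand: 0x143 and 0x14E sent to a control are CB_ADDSTRING and CB_SETCURSEL (matching the "Combobox" string in that record), 0xB1 is EM_SETSEL, 0x30 with a GetStockObject(17 = DEFAULT_GUI_FONT) handle is WM_SETFONT, GetSysColor(18) is COLOR_BTNTEXT, and InternetSetOptionW with option 0x32 and an 8-byte buffer is INTERNET_OPTION_CONNECTED_STATE carrying an INTERNET_CONNECTED_INFO structure; "<local>" is the standard WinINet proxy-bypass token. The decoder below is an added example and is not part of the Joe Sandbox report or of the analysed sample: it parses the report's API-line format and resolves the constants from small tables taken from the Windows SDK headers (winuser.h, wingdi.h, wininet.h). The sample record is copied from the "static" function record above; the line regex and the field names are this example's own assumptions about the report layout.

```python
"""Decode Joe Sandbox 'APIs' record lines into symbolic Win32 constants.

Added example, not part of the Joe Sandbox report. The sample record below is
copied from the report; the constant values are standard Windows SDK values.
"""
import re
from typing import List, Optional

# Assumed line shape (from the report as rendered):
#   "• Func.MODULE(arg,arg,...), ref: ADDR"
#   "  • Part of subcall function ADDR: Func.MODULE(...), ref: ADDR"
API_LINE = re.compile(
    r"^\s*(?:•\s*)?"
    r"(?:Part of subcall function (?P<subcall>[0-9A-Fa-f]+):\s*)?"
    r"(?P<func>\w+)\.(?P<module>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# winuser.h window/control messages seen in this report.
WINDOW_MESSAGES = {
    0x0030: "WM_SETFONT",
    0x00B1: "EM_SETSEL",
    0x0143: "CB_ADDSTRING",
    0x014E: "CB_SETCURSEL",
}
# wininet.h option IDs (decimal in the header: 2, 31, 38, 41, 50).
INTERNET_OPTIONS = {
    0x02: "INTERNET_OPTION_CONNECT_TIMEOUT",
    0x1F: "INTERNET_OPTION_SECURITY_FLAGS",
    0x26: "INTERNET_OPTION_PROXY",
    0x29: "INTERNET_OPTION_USER_AGENT",
    0x32: "INTERNET_OPTION_CONNECTED_STATE",
}
STOCK_OBJECTS = {0x11: "DEFAULT_GUI_FONT"}   # wingdi.h
SYS_COLORS = {0x12: "COLOR_BTNTEXT"}         # winuser.h

# Which argument position carries the constant, and which table resolves it.
ARG_TABLES = {
    "SendMessageW": (1, WINDOW_MESSAGES),
    "InternetSetOptionW": (1, INTERNET_OPTIONS),
    "GetStockObject": (0, STOCK_OBJECTS),
    "GetSysColor": (0, SYS_COLORS),
}


def _as_int(token: str) -> Optional[int]:
    """Arguments the static analysis could not resolve are printed as '?'."""
    try:
        return int(token, 16)
    except ValueError:
        return None


def parse_api_line(line: str) -> Optional[dict]:
    """Parse one API line; return None for headers such as 'APIs' or 'Strings'."""
    m = API_LINE.match(line)
    if not m:
        return None
    raw_args = m.group("args").strip()
    args = [a.strip() for a in raw_args.split(",")] if raw_args else []
    func = m.group("func")
    symbol = None
    if func in ARG_TABLES:
        idx, table = ARG_TABLES[func]
        if idx < len(args):
            value = _as_int(args[idx])
            if value is not None:
                # Unknown but concrete values are kept visible rather than dropped.
                symbol = table.get(value, f"0x{value:04X} (unknown)")
    return {
        "func": func,
        "module": m.group("module"),
        "args": args,
        "ref": m.group("ref"),
        "subcall": m.group("subcall"),
        "symbol": symbol,
    }


def decode_record(lines: List[str]) -> List[dict]:
    """Decode a whole function record, skipping the non-API header lines."""
    return [c for c in (parse_api_line(line) for line in lines) if c is not None]


def describe(call: dict) -> str:
    """One-line summary in module!Function [SYMBOL] @ call-site form."""
    sym = f" [{call['symbol']}]" if call["symbol"] else ""
    where = call["ref"] + (f" (via {call['subcall']})" if call["subcall"] else "")
    return f"{call['module']}!{call['func']}{sym} @ {where}"


# Record copied from the report (the "static" control function above).
SAMPLE_RECORD = """\
APIs
  • Part of subcall function 0098600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0098604C
  • Part of subcall function 0098600E: GetStockObject.GDI32(00000011), ref: 00986060
  • Part of subcall function 0098600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0098606A
• GetWindowRect.USER32(00000000,?), ref: 00A1377A
• GetSysColor.USER32(00000012), ref: 00A13794
Strings
""".splitlines()

if __name__ == "__main__":
    for call in decode_record(SAMPLE_RECORD):
        print(describe(call))
```

Feeding the whole report's function records through `decode_record` turns the CreateWindowExW / WM_SETFONT / GetSysColor chain into a readable "create a control and style it" sequence, which is the GUI-runtime behaviour expected of a compiled AutoIt binary; the constants that do not appear in the tables stay visible as hex so that nothing is silently lost.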
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 00A134AB
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00A134BA
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: edit
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 31f0719081022c01010433ec4ae8c57c9caae3452325f1e27e171e7918b0996f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 6cb7b416d82ca2fbc3d78acd288e5bc75a6d0053759e0e4cbca89968dbf1c57a
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31f0719081022c01010433ec4ae8c57c9caae3452325f1e27e171e7918b0996f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C211BC72100208AFEF228FA4DC80AFB37AAEB14375F504324FA61931E0C735DC919B60
APIs
  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
• CharUpperBuffW.USER32(?,?,?), ref: 009E6CB6
• _wcslen.LIBCMT ref: 009E6CC2
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
• Opcode ID: 946602ac946db867b2eb9aab9a792f9fd85efbba3fa5b306b81eb30fb4dd7b84
• Instruction ID: 5141165263fd9d9cbdb1a0adc4ed5c898c555f6d03d0cf5778f137270389eaed
• Opcode Fuzzy Hash: 946602ac946db867b2eb9aab9a792f9fd85efbba3fa5b306b81eb30fb4dd7b84
• Instruction Fuzzy Hash: 4C0108326005668BCB12AFBECC409BF73A9FBB17907500924E59296191EB35DD40C750
APIs
  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
  • Part of subcall function 009E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 009E3CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 009E1D4C
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 13696900de4357e6183eff7d274a3bb0ca4074fe5cd77c4c3c0960b2f197b165
• Instruction ID: 559968b71f1478cbc44710542eb9387b000dcde406864c5cb912d05a07cc53bd
• Opcode Fuzzy Hash: 13696900de4357e6183eff7d274a3bb0ca4074fe5cd77c4c3c0960b2f197b165
• Instruction Fuzzy Hash: 08014C35601218ABCB09FBA0CC15DFE73A8FF82350B144909F873673C1EA355D488760
APIs
  • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
  • Part of subcall function 009E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 009E3CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 009E1C46
Strings
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 7aacff71a038eb6fb16d59b0b8c05e97fac6fe9d416232b36e842a8e169e5d3c
• Instruction ID: fa9e37dabf3401637e5912fc88b9e285e3ea2d571e89f712f7e146dfd4786f03
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7aacff71a038eb6fb16d59b0b8c05e97fac6fe9d416232b36e842a8e169e5d3c
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C401A775B811446BCB05FBA1C956AFF77AC9B91340F240419B896B7282EA35DE0887B1
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 009E3CCA
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,00000182,?,00000000), ref: 009E1CC8
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 568958d1cbba6def9e44f3c83d0719d1f60de93cd65d49000d08bad516753ab5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e5de1a36ea898e03625c84afe2964dedcc3ce1c842e008f8ed43f63c861c200f
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 568958d1cbba6def9e44f3c83d0719d1f60de93cd65d49000d08bad516753ab5
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2501D675A8115867CB06FBA1CA05BFE73ACAB51340F244415B886B3282FA359F09C771
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 00989CB3: _wcslen.LIBCMT ref: 00989CBD
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009E3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 009E3CCA
                                                                                                                                                                                                                                                                                                                                                                              • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 009E1DD3
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: fcc6ad2686ec9aeb2872207d3e7cdab3a15352145755b4e2e52bce1bb5f21dcd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c74acdc6b179fb066734a75a9677ee1fbdccf5b3e5afcbcb56d0de82e07bf040
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fcc6ad2686ec9aeb2872207d3e7cdab3a15352145755b4e2e52bce1bb5f21dcd
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13F0FF71A412186BCB05F7A5CC56BFE73ACAB82350F080D19B862632C2EA759E088360
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                              • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: da22ab3f3bcbc2c1f107a8556166e2c2d92ba3c33675a181932deded0f5ffb91
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: e6ebf7f3f18c8586d9e101c708f2ea7bd6c6b8fbfd3f707f97e23efb7ee615a6
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: da22ab3f3bcbc2c1f107a8556166e2c2d92ba3c33675a181932deded0f5ffb91
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3DE02B06A0426020D2311779BCC1A7F968DDFC6B90710182BF981C62A6EAE59DA193E1
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 009E0B23
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
• Opcode ID: e9a5414c5beedb730e946f358e3bf38a1302bd74282050dd22056b3d166a0b51
• Instruction ID: 413addb2a7eb41789ccd7191bedac04940ff64777cc97fb06feae53a7b8a3071
• Opcode Fuzzy Hash: e9a5414c5beedb730e946f358e3bf38a1302bd74282050dd22056b3d166a0b51
• Instruction Fuzzy Hash: ECE0483528431837D61436957C03FC9BA899F46F61F204426F798955C38BD268D046E9
APIs
  • Part of subcall function 0099F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,009A0D71,?,?,?,0098100A), ref: 0099F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,0098100A), ref: 009A0D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0098100A), ref: 009A0D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 009A0D7F
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: cfca32d5fcf74e3c23eec205faf79a4394f0ef263544e519ada15106ebedda12
• Instruction ID: 996ad6aa05a0780af460ff6faea6e99afe08ee884a56d076e3b5a1bc4bcaa9d0
• Opcode Fuzzy Hash: cfca32d5fcf74e3c23eec205faf79a4394f0ef263544e519ada15106ebedda12
• Instruction Fuzzy Hash: 77E06D742007418FD370EFB8D4083967BE4BB41750F00892DE486C6691DBB5E4898BD1
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 009F302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 009F3044
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: 93ed60f92d95c2a5b0d0c6e7980a351a1dbd11fb816d7ec1e911b1d04289380c
• Instruction ID: 9a1b68961e416a6b26187e4b75ffeb5dd950e09ec3240808dc00bb8c3de4cf53
• Opcode Fuzzy Hash: 93ed60f92d95c2a5b0d0c6e7980a351a1dbd11fb816d7ec1e911b1d04289380c
• Instruction Fuzzy Hash: 62D05EB654032877DA20E7E4AC0EFCB3A6CDB05760F0006A1B655E2091DAF09985CAD0
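The per-function "APIs" records are the raw material a triager works from, and the four function blocks in this part of the report illustrate why they need interpretation rather than keyword matching. As an added example, not part of the Joe Sandbox report and not code from the sample, the Python below parses records in this layout (call name, module, argument tokens, call-site address, and the "Part of subcall" nesting) and applies three checks a practitioner would want here: whether an IsDebuggerPresent call is ATL runtime boilerplate (the string "ERROR : Unable to initialize critical section in CAtlBaseModule" is written by CAtlBaseModule's constructor behind an IsDebuggerPresent guard, so that block is library start-up code rather than the sample's own anti-debugging), which prefix is handed to GetTempFileNameW (the AutoIt runtime uses "aut", so aut*.tmp files in %TEMP% are a host artefact of compiled AutoIt binaries), and what the PostMessageW that follows the Shell_TrayWnd lookup sends (0x0111 is WM_COMMAND; the wParam 0x197 is a taskbar command ID and is left undecoded). The input is the report's own lines embedded as a constructed string; the function names and verdict labels are the example's own.

```python
"""Parse the per-function "APIs" records of a Joe Sandbox report and triage them."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: the "APIs" records of the four function blocks in this
# part of the report, copied from the report with the indentation trimmed.
REPORT = """\
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 009E0B23
APIs
• Part of subcall function 0099F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,009A0D71,?,?,?,0098100A), ref: 0099F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,0098100A), ref: 009A0D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0098100A), ref: 009A0D84
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 009F302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 009F3044
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A1232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00A1233F
• Part of subcall function 009EE97B: Sleep.KERNEL32 ref: 009EE9F3
"""

# One record: optional "Part of subcall" prefix, Name.MODULE, optional (args), ref: ADDR.
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>.*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

WM_COMMAND = 0x0111  # Win32 message constant (certain)

# Exact string emitted by ATL's CAtlBaseModule constructor when its critical
# section cannot be initialised; ATL only prints it if IsDebuggerPresent().
ATL_INIT_ERROR = "ERROR : Unable to initialize critical section in CAtlBaseModule"


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: tuple               # raw argument tokens as printed; "?" = unresolved
    ref: int                  # call-site address
    subcall_of: Optional[int]  # callee address when reported as "Part of subcall"


def parse_blocks(text: str) -> list[list[ApiCall]]:
    """Split at each "APIs" header and parse the bullet records beneath it."""
    blocks: list[list[ApiCall]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            blocks.append([])
            continue
        m = API_RE.match(line)
        if not m or not blocks:
            continue
        # Arguments are comma-separated; none of the strings in these records
        # contain commas, so a plain split is sufficient for this input.
        args = tuple(m["args"].split(",")) if m["args"] is not None else ()
        blocks[-1].append(ApiCall(
            name=m["name"], module=m["module"], args=args,
            ref=int(m["ref"], 16),
            subcall_of=int(m["sub"], 16) if m["sub"] else None,
        ))
    return blocks


def api_names(blocks: list[list[ApiCall]]) -> list[str]:
    """All distinct API names across the blocks, sorted."""
    return sorted({c.name for block in blocks for c in block})


def classify_debugger_checks(blocks: list[list[ApiCall]]) -> list[tuple[int, str]]:
    """(call-site, verdict) for each IsDebuggerPresent; verdict names are the example's own.

    "atl-runtime-noise": the same function writes the ATL CAtlBaseModule string,
    so the check is library start-up code.  "review": needs a human look.
    """
    findings = []
    for block in blocks:
        atl = any(c.name == "OutputDebugStringW" and c.args and c.args[0] == ATL_INIT_ERROR
                  for c in block)
        for c in block:
            if c.name == "IsDebuggerPresent":
                findings.append((c.ref, "atl-runtime-noise" if atl else "review"))
    return findings


def temp_file_prefix(blocks: list[list[ApiCall]]) -> Optional[str]:
    """Prefix argument of GetTempFileNameW, or None if the call is absent."""
    for block in blocks:
        for c in block:
            if c.name == "GetTempFileNameW" and len(c.args) >= 2:
                return c.args[1]
    return None


def taskbar_commands(blocks: list[list[ApiCall]]) -> list[tuple[str, int]]:
    """(message, wParam) for PostMessageW calls in functions that look up Shell_TrayWnd."""
    out = []
    for block in blocks:
        if not any(c.name == "FindWindowW" and c.args[:1] == ("Shell_TrayWnd",) for c in block):
            continue
        for c in block:
            if c.name == "PostMessageW" and len(c.args) >= 3:
                msg, wparam = int(c.args[1], 16), int(c.args[2], 16)
                out.append(("WM_COMMAND" if msg == WM_COMMAND else hex(msg), wparam))
    return out


if __name__ == "__main__":
    parsed = parse_blocks(REPORT)
    print("APIs:", ", ".join(api_names(parsed)))
    print("IsDebuggerPresent:", [(hex(r), v) for r, v in classify_debugger_checks(parsed)])
    print("GetTempFileNameW prefix:", temp_file_prefix(parsed))
    print("Shell_TrayWnd messages:", [(m, hex(w)) for m, w in taskbar_commands(parsed)])
```

Run against the embedded records, the IsDebuggerPresent at 009A0D75 is classified as ATL start-up noise, the temp-file prefix comes back as "aut", and the taskbar record decodes to WM_COMMAND with wParam 0x197. The same parser applies to any "APIs" block of the report; only the three triage rules are specific to what these four functions show.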
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A1232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00A1233F
  • Part of subcall function 009EE97B: Sleep.KERNEL32 ref: 009EE9F3
Memory Dump Source
• Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
• Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: ec4840a08b71d37bdc0d453fa15933740351100b2354408b3f9395a56d1b1c4a
• Instruction ID: 0f009ad5730e349dc4d0de18ffbf45ecc83de8fbde4da0d3e3f73832867fd680
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ec4840a08b71d37bdc0d453fa15933740351100b2354408b3f9395a56d1b1c4a
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4CD022363C0300BBE264F3B0DC0FFC6BA05AB40B20F0089027305AA0D0C8F4A802CA04
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00A1236C
                                                                                                                                                                                                                                                                                                                                                                              • PostMessageW.USER32(00000000), ref: 00A12373
                                                                                                                                                                                                                                                                                                                                                                                • Part of subcall function 009EE97B: Sleep.KERNEL32 ref: 009EE9F3
                                                                                                                                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: FindMessagePostSleepWindow
                                                                                                                                                                                                                                                                                                                                                                              • String ID: Shell_TrayWnd
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: a2464e8656ab0cb8d2aff4a53203c5ecd4f30c575dfc267a93c71999e671ab1f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: 396bf07dc02132c0bd956e1f0f84811879bb756fc25d4b72a9b06fdd58061543
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a2464e8656ab0cb8d2aff4a53203c5ecd4f30c575dfc267a93c71999e671ab1f
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13D022323C03007BE264F3B0DC0FFC6B605AB40B20F0089027301EA0D0C8F4B802CA08
                                                                                                                                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 009BBE93
                                                                                                                                                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 009BBEA1
                                                                                                                                                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 009BBEFC
                                                                                                                                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                              • Source File: 00000001.00000002.2286714682.0000000000981000.00000020.00000001.01000000.00000003.sdmp, Offset: 00980000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2286405935.0000000000980000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A1C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2287145478.0000000000A42000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288170704.0000000000A4C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              • Associated: 00000001.00000002.2288528819.0000000000A54000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_980000_Pl8Tb06C8A.jbxd
                                                                                                                                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                                                                                                                                              • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                                                                                                              • Opcode ID: 60633dedce710f7da0d3e7682e85ddef7226f356d7d58af127a6bd8a4b718992
                                                                                                                                                                                                                                                                                                                                                                              • Instruction ID: c2a6e86a8bde627e5f41c6819e90b7fa9cacdf4f1e130173a08f2d5595f02957
                                                                                                                                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 60633dedce710f7da0d3e7682e85ddef7226f356d7d58af127a6bd8a4b718992
                                                                                                                                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45410A34600206AFCF219FA4CE54BFABBA9EF42730F144169F9599B1E1DBB08D01CB90